![]() ![]() Researchers say the botnet can help malicious actors make a profit by delivering cryptocurrency miners such as XMRig and CGMiner, and by using Muhstik to launch distributed denial-of-service (DDoS) attacks. Muhstik uses two main propagation methods: the aioscan scanning module, which includes seven scanning-related payloads on four different ports, and an SSH scanning module that looks for systems with weak passwords. We name it muhstik, for this key word keeps popup in its binary file name and the communication IRC channel.” “After investigation, we believe this botnet has been active for quit a time. ![]() “We noticed one of them has worm-propagation behavior,” 360Netlab wrote in a blog post. Experts believe Muhstik is actually a variant of the old Tsunami botnet. The company says some of the Drupalgeddon2 attacks are powered by a relatively large botnet tracked by the company as Muhstik. While many of the exploitation attempts represent scans designed to identify vulnerable systems, cybersecurity firms have spotted several campaigns that leverage the flaw to deliver cryptocurrency miners, backdoors and other types of malware.Īccording to 360Netlab, at least three threat groups have been exploiting the recently patched vulnerability. ![]() The Drupalgeddon2 vulnerability was patched in late March and the first attacks were spotted roughly two weeks later, shortly after technical details and a proof-of-concept (PoC) exploit were made public. “The Security Team or any other party is not able to release any more information about this vulnerability until the announcement is made.” “For all security updates, the Drupal Security Team urges you to reserve time for core updates at that time because there is some risk that exploits might be developed within hours or days,” Drupal said. While Drupal developers have described the upcoming security releases as a follow-up to the updates that fixed Drupalgeddon2, a separate CVE identifier, namely CVE-2018-7602, has been assigned to the new vulnerability. The Drupal core updates, scheduled for April 25 between 16:00 and 18:00 UTC, will deliver a follow-up patch for the highly critical vulnerability tracked as CVE-2018-7600 and dubbed “Drupalgeddon2.”
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |