Microsoft has reportedly discovered a new variant of the Sysrv botnet that can deploy coin miners on Windows and Linux systems. Microsoft Security Intelligence released a string of posts on Twitter discussing the variant, which it has named Sysrv-K, and how it exploits vulnerabilities in the Spring Framework and WordPress to deploy cryptocurrency miners. The botnet scans the internet for vulnerable web servers and installs itself on those it identifies. Sysrv-K targets numerous vulnerabilities, most of which are old and have since been patched, including those found in WordPress plugins.
The new version of the Sysrv botnet has other malicious features as well, such as scanning for WordPress configuration files and their backups to retrieve database credentials. This function is used to gain control of the web server, says Microsoft. Like previous versions, Sysrv-K scans for SSH keys, IP addresses, and hostnames. It then spreads copies of itself throughout the network. To mitigate the risks posed by the new botnet, Microsoft recommends installing all available security updates.
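Because the variant looks for WordPress configuration files and their backups, an administrator can audit a web root for stray copies of `wp-config.php` that still hold database settings. The script below is an added example, not code from Microsoft or the original report. The filename matching (any name containing `wp-config`) and the reason labels are assumptions chosen for illustration.

```python
import os
import re
import stat
import sys

LIVE_NAME = "wp-config.php"
SAMPLE_NAME = "wp-config-sample.php"  # ships with WordPress, placeholder values only
# Matches define('DB_PASSWORD', ...) style settings in a WordPress config file.
DB_DEFINE = re.compile(r"define\(\s*['\"]DB_(?:NAME|USER|PASSWORD|HOST)['\"]")


def inspect(path, name):
    """Return the reasons (hypothetical labels) why this file deserves attention."""
    reasons = []
    if name != LIVE_NAME:
        # Copies such as .bak, .old or editor swap files are usually not
        # executed as PHP, so the web server may return them as plain text.
        reasons.append("backup-copy")
    try:
        with open(path, "r", errors="ignore") as fh:
            if DB_DEFINE.search(fh.read(65536)):
                reasons.append("db-credentials")
    except OSError:
        reasons.append("unreadable-by-auditor")
    if os.stat(path).st_mode & stat.S_IROTH:
        reasons.append("world-readable")
    return reasons


def audit_webroot(webroot):
    """Map relative path -> reasons for every risky wp-config file under webroot."""
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            low = name.lower()
            if low == SAMPLE_NAME or "wp-config" not in low:
                continue
            path = os.path.join(dirpath, name)
            reasons = inspect(path, name)
            # The live config is expected to hold credentials; report it
            # only when other local users can read it.
            if name == LIVE_NAME and "world-readable" not in reasons:
                continue
            findings[os.path.relpath(path, webroot)] = reasons
    return findings


if __name__ == "__main__":
    for rel, why in sorted(audit_webroot(sys.argv[1]).items()):
        print(f"{rel}: {', '.join(why)}")
```

Run it with the web root as the only argument. Any file reported as `backup-copy` with `db-credentials` should be removed from the web root and the database password rotated.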