A botnet "Vollgar" that performs remote control and virtual currency mining targeting Microsoft SQL Server is in fashion, the attack source is China

Microsoft SQL Server (MS SQL), a database management system developed by Microsoft, is being targeted by a botnet that the security company Guardicore says has been active since 2018, two years ago. The attack source is believed to be China, and it has been found that infected servers are made to mine cryptocurrency without the owner's consent and receive a backdoor that allows remote control.

The Vollgar Campaign: MS-SQL Servers Under Attack | Guardicore Labs
https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/

A crypto-mining botnet has been hijacking MSSQL servers for almost two years | ZDNet
https://www.zdnet.com/article/a-crypto-mining-botnet-has-been-hijacking-mssql-servers-for-almost-two-years/

WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
https://thehackernews.com/2020/04/backdoor-.html

This botnet, named "Vollgar", breaches servers by brute-forcing MS SQL passwords, mines the virtual currency "Vollar", and installs a backdoor in the OS to enable remote operation. Vollgar's activity was first observed in May 2018, two years ago, and even at the time of writing, 2000-3000 servers are infected with Vollgar every day. Guardicore reports that the countries most affected by Vollgar are China, India, the United States, South Korea and Turkey.

Of the servers infected with Vollgar, about 60% removed it within two days, but 40% did not. In addition, removal was sometimes only partial, and about 10% of infected servers appear to become infected with Vollgar again. Guardicore explains that an infected server otherwise behaves normally, which makes the infection hard to notice.

Vollgar-infected servers receive a set of tools for IP scanning and password brute-force attacks, together with a Command & Control program for sending commands to other botnet-infected servers, so the infected server itself becomes a source of attacks. It has also been found that the central command and control server is located in China.

Guardicore recommends using strong passwords for MS SQL to avoid Vollgar infection. It has also released a PowerShell script on GitHub that can determine whether a server is infected with Vollgar.

guardicore/labs_campaigns: Vollgar at master | GitHub
https://github.com/guardicore/labs_campaigns/tree/master/Vollgar
