
Microsoft: Watch Out For This New Sysrv Botnet Variant

Microsoft is urging organizations to secure their systems after discovering a new Sysrv botnet variant that leverages security bugs.

May 17, 2022 Zachary Comeau


Microsoft is urging organizations to secure internet-facing systems, apply security updates and secure credentials after discovering a new variant of the Sysrv botnet, which is known for exploiting vulnerabilities in web apps and databases to install coin miners on Windows and Linux systems.

In a series of tweets, the Redmond, Wash. IT giant says the new variant – which it calls Sysrv-K – is capable of additional exploits and gaining control of web servers.

The Microsoft Security Intelligence Twitter account tweets that Sysrv-K scans the internet to find web servers with various vulnerabilities to install itself, with bugs ranging from path traversal and remote file disclosure to arbitrary file download and remote code execution flaws.

We encountered a new variant of the Sysrv botnet, known for exploiting vulnerabilities in web apps and databases to install coin miners on both Windows and Linux systems. The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers.

— Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022

Vulnerabilities largely include older bugs in WordPress plugins that have been patched, but some newer vulnerabilities are also being leveraged, including a code injection flaw in Spring Cloud Gateway (CVE-2022-22947) that could lead to arbitrary remote execution on a remote host. Once the malware is installed on a device, it deploys a cryptocurrency miner, per Microsoft’s tweets.

While using a botnet to deploy a cryptocurrency miner is not novel, Microsoft notes that Sysrv-K scans for WordPress configuration files and their backups to retrieve database credentials, which are then leveraged to gain control of the web server.
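As an added example (not from Microsoft or this article), the following triage script reads web access logs for requests to WordPress configuration files and their backups, and separates probes from requests that actually returned file contents. The Combined Log Format, the `wp-config*` filename pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Assumed pattern: any file named wp-config*, including editor swap files.
WPCONFIG_RE = re.compile(r'(^|/)\.?wp-config[^/]*$', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [13/May/2022:10:01:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 200 3120 "-" "-"',
    '203.0.113.7 - - [13/May/2022:10:01:03 +0000] "GET /blog/wp-config.php~ HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.9 - - [13/May/2022:10:02:00 +0000] "GET /wp-config.php HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.44 - - [13/May/2022:10:03:00 +0000] "GET /index.php?p=1 HTTP/1.1" 200 5120 "-" "-"',
]

def classify(line):
    """Return (ip, path, verdict) for a wp-config request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode percent-encoding and drop the query string before matching.
    path = unquote(urlsplit(m["target"]).path)
    if not WPCONFIG_RE.search(path):
        return None
    name = path.rsplit("/", 1)[-1].lower()
    size = 0 if m["size"] == "-" else int(m["size"])
    # A copy that does not end in .php is normally served as plain text,
    # so a 200 with a body means the database credentials left the server.
    served_raw = not name.endswith(".php")
    exposed = m["status"] == "200" and size > 0 and served_raw
    return m["ip"], path, "EXPOSED" if exposed else "probe"

def triage(lines):
    """Return (paths that disclosed content, source IPs that probed)."""
    hits = [c for c in map(classify, lines) if c]
    exposed = sorted({path for _, path, verdict in hits if verdict == "EXPOSED"})
    probers = sorted({ip for ip, _, _ in hits})
    return exposed, probers

if __name__ == "__main__":
    exposed, probers = triage(SAMPLE)
    print("rotate DB credentials, remove:", exposed)
    print("probing sources:", probers)
```

Any path reported as exposed means the database password in that file should be rotated and the backup copy removed from the web root.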

In addition, Sysrv-K has advanced communication capabilities, including the ability to use a Telegram bot.

Similar to older variants, Sysrv-K scans for SSH keys, IP addresses and host names in an attempt to connect to other systems in the network via SSH and deploy copies of itself.

“This could put the rest of the network at risk of becoming part of the Sysrv-K botnet,” Microsoft Security Intelligence says via tweet. “We highly recommend organizations to secure internet-facing systems, including timely application of security updates and building credential hygiene.”

Microsoft also notes that Microsoft Defender for Endpoint detects this botnet, as well as older variants and their related behavior and payloads.
