SambaCry exploits a weakness in Samba to compromise Linux machines and use them as victims for mining cryptocurrency (Monero, Bitcoin, or any other currency); it also allows a remote attacker to take over the affected Linux systems.
The SambaCry security notice said:
“All versions of Samba 3.5.0 vulnerable to a low-level implementation of remote code to a malicious client to download a shared library in write access actions allows, then download and run the server.”
SambaCry can be used only in specific cases: the victim must have file- and printer-sharing port 445 accessible from the Internet, the shared files must be configured with write privileges, and the share must use server file paths that are known or can be guessed. If these conditions are met, attackers can then place code of their choice on the server and make the server execute it, possibly with unrestricted root privileges, depending on the vulnerable platform.
Security researchers at Kaspersky Lab observed an attack by malware that exploits the SambaCry flaw to infect Linux devices with cryptocurrency-mining software.
Kaspersky Lab said:
“On May 30 we stopped our first attack honeypots to use this particular vulnerability but it was a charge in this feat has nothing in common with Cryopathy Trojan was EternalBlue and WannaCry. Surprisingly, it was a cryptocurrency of exploring tools”
Kaspersky knows nothing yet about the actual scale of the attack. System administrators and users of Samba on Linux must update the software to the latest version to stop future attacks.
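The writable-share precondition described above can be checked from the Samba configuration itself. The following is an added example, not code from the article or from Kaspersky; `SAMPLE_CONF`, `parse_smb_conf` and `writable_shares` are hypothetical names and the sample configuration is constructed. It does not test whether port 445 is reachable, which has to be verified at the network layer.

```python
# Added example (not from the article): list the writable shares in smb.conf text,
# the share precondition the article names for SambaCry.
SAMPLE_CONF = """\
# constructed sample configuration
[global]
   guest ok = no
[public]
   path = /srv/samba/public
   Writeable = Yes
   public = yes
[docs]
   read only = yes
[scans]
   path = /srv/samba/scans
   readonly = no
"""
TRUE = {"yes", "true", "1"}
INVERTED = {"writable", "writeable", "writeok"}   # inverted synonyms of "read only"

def parse_smb_conf(text):
    """Return {section: {param: value}}; names are lowercased with whitespace removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = "".join(key.lower().split())
            if key in INVERTED:                    # fold synonyms so the last setting wins
                key, value = "readonly", "no" if value.lower() in TRUE else "yes"
            elif key == "public":                  # synonym of "guest ok"
                key = "guestok"
            current[key] = value
    return sections

def writable_shares(text):
    """Return [(share, path, guest_ok)] for shares whose effective 'read only' is off."""
    sections = parse_smb_conf(text)
    defaults = sections.pop("global", {})
    findings = []
    for name, params in sections.items():
        eff = {**defaults, **params}               # share settings override [global]
        if eff.get("readonly", "yes").lower() not in TRUE:   # Samba default is read only
            findings.append((name, eff.get("path", ""), eff.get("guestok", "no").lower() in TRUE))
    return findings

print(writable_shares(SAMPLE_CONF))
```

Each share it reports is a candidate for review: confirm that write access is really needed and that the share is not reachable from untrusted networks.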
After compromising vulnerable machines using the SambaCry vulnerability, attackers run two payloads on target systems:
INAebsGB.so – A reverse shell that provides access to remote attackers.
CblRWuoCc.so – A backdoor that includes the cryptocurrency-mining utility CPUminer.
“With the inverted HAL left in the system, an attacker can modify a minor configuration that is already working or infecting the victim’s computer to other types of malware,” Kaspersky researchers say.
Mining cryptocurrency can be an expensive investment because it requires a large amount of computing power, but this cryptocurrency-mining malware makes it easier for Internet criminals by allowing them to use the computing resources of compromised systems for profit.