{"id":6501,"date":"2021-01-04T12:19:00","date_gmt":"2021-01-04T11:19:00","guid":{"rendered":"https:\/\/webhosting.de\/?p=6501"},"modified":"2025-02-19T18:54:25","modified_gmt":"2025-02-19T17:54:25","slug":"malware-makes-linux-and-windowservers-to-monero-miners","status":"publish","type":"post","link":"https:\/\/webhosting.de\/fr\/malware-macht-linux-und-windowsserver-zu-monero-minern\/","title":{"rendered":"Les logiciels malveillants transforment les serveurs Linux et Windows en mineurs Monero"},"content":{"rendered":"

Les employ\u00e9s de la soci\u00e9t\u00e9 d'analyse de logiciels malveillants Intezer ont, selon un Blog post<\/a>ont d\u00e9couvert un nouveau ver qui attaque les serveurs Linux et Windows afin d'utiliser leur puissance de calcul pour exploiter la cryptocourant Monero. En r\u00e8gle g\u00e9n\u00e9rale, le Monero, contrairement \u00e0 de nombreuses autres cryptocurrences, n'est pas calcul\u00e9 avec des Asics sp\u00e9ciaux, mais avec des GPU et CPU conventionnels. Les serveurs x86 d\u00e9tourn\u00e9s obtiennent donc un rendement \u00e9lev\u00e9.<\/p>\n\n\n\n

Selon Intezer, le ver est distribu\u00e9 et contr\u00f4l\u00e9 de mani\u00e8re centralis\u00e9e par un serveur de commande et de contr\u00f4le. R\u00e9gulier Mises \u00e0 jour<\/a> sur le serveur sugg\u00e8rent que le r\u00e9seau minier est administr\u00e9 par un groupe de piratage actif.<\/p>\n\n\n\n

MySQL, Tomcat et Jenkins comme vecteurs d'attaque<\/h2>\n\n\n\n

Le ver se propage via des interfaces de services visibles par le public, telles que MySQL<\/a>Tomcat et Jenkins (ports tels que 8080, 7001 et 3306). Le ver tente de deviner des mots de passe faibles pour ces services via une attaque par force brute. Dans un premier temps, une approche par dictionnaire est utilis\u00e9e, dans laquelle les mots de passe fr\u00e9quemment utilis\u00e9s sont test\u00e9s de mani\u00e8re prioritaire.<\/p>\n\n\n\n

Une fois que le malware a d\u00e9couvert un mot de passe, il distribue un script de compte-gouttes via bash ou powershell qui installe un mineur MXRig. En outre, le ver tente ensuite de ind\u00e9pendant<\/a> sur le r\u00e9seau du serveur infect\u00e9 afin d'exploiter d'autres ressources pour le cryptomining. Actuellement, le malware n'est pas d\u00e9tect\u00e9 par les logiciels antivirus et est donc tr\u00e8s dangereux, selon Intezer.<\/p>\n\n\n\n

Par cons\u00e9quent, seuls des mots de passe forts et, si possible, une authentification \u00e0 deux facteurs peuvent assurer la protection. La soci\u00e9t\u00e9 de s\u00e9curit\u00e9 recommande \u00e9galement de d\u00e9sactiver les services qui ne sont pas utilis\u00e9s et de restreindre l'accessibilit\u00e9 des services requis de l'ext\u00e9rieur. En outre, selon Intezer, un logiciel maintenu \u00e0 jour peut souvent emp\u00eacher l'infection par des logiciels malveillants.<\/p>\n\n\n\n

<\/p>","protected":false},"excerpt":{"rendered":"

Un ver r\u00e9cemment d\u00e9couvert s'infiltre dans les serveurs Windows et Linux pour utiliser leur puissance afin de miner Monero. <\/p>","protected":false},"author":2,"featured_media":6502,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[685],"tags":[951,963,962],"class_list":["post-6501","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-allgemein","tag-hacker","tag-kryptowaehrung","tag-monero"],"acf":[],"_wp_attached_file":null,"_wp_attachment_metadata":null,"litespeed-optimize-size":null,"litespeed-optimize-set":null,"_elementor_source_image_hash":null,"_wp_attachment_image_alt":null,"stockpack_author_name":null,"stockpack_author_url":null,"stockpack_provider":null,"stockpack_image_url":null,"stockpack_license":null,"stockpack_license_url":null,"stockpack_modification":null,"color":null,"original_id":null,"original_url":null,"original_link":null,"unsplash_location":null,"unsplash_sponsor":null,"unsplash_exif":null,"unsplash_attachment_metadata":null,"_elementor_is_screenshot":null,"surfer_file_name":null,"surfer_file_original_url":null,"envato_tk_source_kit":null,"envato_tk_source_index":null,"envato_tk_manifest":null,"envato_tk_folder_name":null,"envato_tk_builder":null,"envato_elements_download_event":null,"_menu_item_type":null,"_menu_item_menu_item_parent":null,"_menu_item_object_id":null,"_menu_item_object":null,"_menu_item_target":null,"_menu_item_classes":null,"_menu_item_xfn":null,"_menu_item_url":null,"_trp_menu_languages":null,"rank_math_primary_category":"685","rank_math_title":null,"inline_featured_image":null,"_yoast_wpseo_primary_category":"692","rank_math_schema_blogposting":null,"rank_math_schema_videoobject":null,"_oembed_049c719bc4a9f89deaead66a7da9fddc":null,"_oembed_time_049c719bc4a9f89deaead66a7da9fddc":null,"_yoast_wpseo_focuskw":null,"_yoast_wpseo_linkdex":null,"_oembed_27e3473bf8bec795fbeb3a9d38489348":null,"_oembed_c3b0f6959478faf92a1f343d8f96b19e":null,"_trp_translated_slug_en_us":null,"_wp_desired_post_slug":null,"_yoast_wpseo_title":null,"tldname":null,"tldpreis":null,"tldrubrik":null,"tldpolicylink":null,"tldsize":null,"tldregistrierungsdauer":null,"tldtransfer":null,"tldwhoisprivacy":null,"tldregistrarchange":null,"tldregistrantchange":null,"tldwhoisupdate":null,"tldnameserverupdate":null,"tlddeletesofort":null,"tlddeleteexpire":null,"tldumlaute":null,"tldrestore":null,"tldsubcategory":null,"tldbildname":null,"tldbildurl":null,"tldclean":null,"tldcategory":null,"tldpolicy":null,"tldbesonderheiten":null,"tld_bedeutung":null,"_oembed_d167040d816d8f94c072940c8009f5f8":null,"_oembed_b0a0fa59ef14f8870da2c63f2027d064":null,"_oembed_4792fa4dfb2a8f09ab950a73b7f313ba":null,"_oembed_33ceb1fe54a8ab775d9410abf699878d":null,"_oembed_fd7014d14d919b45ec004937c0db9335":null,"_oembed_21a029d076783ec3e8042698c351bd7e":null,"_oembed_be5ea8a0c7b18e658f08cc571a909452":null,"_oembed_a9ca7a298b19f9b48ec5914e010294d2":null,"_oembed_f8db6b27d08a2bb1f920e7647808899a":null,"_oembed_168ebde5096e77d8a89326519af9e022":null,"_oembed_cdb76f1b345b42743edfe25481b6f98f":null,"_oembed_87b0613611ae54e86e8864265404b0a1":null,"_oembed_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_oembed_time_27aa0e5cf3f1bb4bc416a4641a5ac273":null,"_tldname":null,"_tldclean":null,"_tldpreis":null,"_tldcategory":null,"_tldsubcategory":null,"_tldpolicy":null,"_tldpolicylink":null,"_tldsize":null,"_tldregistrierungsdauer":null,"_tldtransfer":null,"_tldwhoisprivacy":null,"_tldregistrarchange":null,"_tldregistrantchange":null,"_tldwhoisupdate":null,"_tldnameserverupdate":null,"_tlddeletesofort":null,"_tlddeleteexpire":null,"_tldumlaute":null,"_tldrestore":null,"_tldbildname":null,"_tldbildurl":null,"_tld_bedeutung":null,"_tldbesonderheiten":null,"_oembed_ad96e4112edb9f8ffa35731d4098bc6b":null,"_oembed_8357e2b8a2575c74ed5978f262a10126":null,"_oembed_3d5fea5103dd0d22ec5d6a33eff7f863":null,"_eael_widget_elements":null,"_oembed_0d8a206f09633e3d62b95a15a4dd0487":null,"_oembed_time_0d8a206f09633e3d62b95a15a4dd0487":null,"_aioseo_description":null,"_eb_attr":null,"_eb_data_table":null,"_oembed_819a879e7da16dd629cfd15a97334c8a":null,"_oembed_time_819a879e7da16dd629cfd15a97334c8a":null,"_acf_changed":null,"_wpcode_auto_insert":null,"_edit_last":"1","_edit_lock":"1609759142:1","_oembed_e7b913c6c84084ed9702cb4feb012ddd":null,"_oembed_bfde9e10f59a17b85fc8917fa7edf782":null,"_oembed_time_bfde9e10f59a17b85fc8917fa7edf782":null,"_oembed_03514b67990db061d7c4672de26dc514":"