Thousands of Microsoft Servers Infected by Crypto-Mining Botnet Since 2018, Says Report

The attackers have apparently been targeting Microsoft SQL database servers to mine cryptocurrency for two years.

Apr 1, 2020 at 2:05 p.m. UTC
Updated Aug 19, 2021 at 1:36 a.m. UTC


A malicious botnet has been targeting Microsoft SQL database servers to mine cryptocurrency for two years, according to a new report.

Guardicore Labs said Wednesday that in the last several weeks alone, the hackers had managed to infect roughly 2,000 to 3,000 servers daily. As reported by Hacker News, the botnet has been dubbed "Vollgar" after the vollar cryptocurrency it mines alongside monero (XMR), and its "vulgar" way of operating.

The attack brute-forces passwords in order to access servers with poor security. Once in, it executes configuration changes allowing the hackers to run malicious commands and download malware binaries.

Entities across health care, aviation, IT, telecoms and education in China, India, South Korea, Turkey and the U.S. have all been affected, according to the report.

The network of compromised computers was used to host all of the attackers' infrastructure, with its primary command-and-control server based in China, according to Guardicore. That server had itself been compromised by multiple attackers, the firm added.

To help companies find out if their servers have been infected by this attack, Guardicore has released a script on GitHub.

In other security news, ZDNet reported earlier this week that QR codes – now ubiquitous across the bitcoin industry as a means of making it easier to make bitcoin payments – have become another attack vector.

The shockingly simple attack saw malicious actors provide a purported service allowing people to create a QR code for payments to their bitcoin addresses. However, the address inserted was the attacker's own.

Harry Denley, director of security at MyCrypto, discovered the scheme hosted on nine websites. According to the report, some $45,000 in bitcoin (BTC) has been stolen in the last month.

For the record, it's advisable to avoid these sites at all costs: bitcoin-barcode-generator.com, bitcoinaddresstoqrcode.com, bitcoins-qr-code.com, btc-to-qr.com, create-bitcoin-qr-code.com, free-bitcoin-qr-codes.com, freebitcoinqrcodes.com, qr-code-bitcoin.com and qrcodebtc.com.
