Attackers are exploiting SambaCry to compromise Linux machines running Samba and use them as victims in a broad cryptocurrency mining operation (Bitcoin, Monero or any similar currency). The flaw also lets a remote attacker break into affected Linux systems.
Samba stated in a security advisory:
“All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.”
SambaCry is exploitable only under specific conditions: the victim must have printer-sharing port 445 reachable on the Internet, shared files must be configured with write privileges, and those files must sit at known or guessable server paths. If these requirements are fulfilled, remote attackers can upload any code of their choosing and cause the server to execute it, possibly with unfettered root privileges, depending on the vulnerable platform.
Kaspersky Lab security researchers have found a malware attack that exploits the SambaCry flaw to infect Linux machines with cryptocurrency mining malware.
Further, Kaspersky Lab stated:
“On May 30th our honeypots tracked the first attack to make use of this particular vulnerability, but in this exploit the payload had nothing in common with the Trojan-Crypt that was EternalBlue and WannaCry. Surprisingly, it was a cryptocurrency mining utility!”
At the time, Kaspersky had few details about the actual range of the attack. To stop future attacks, system administrators and Linux users must update their Samba software to the latest version.
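Alongside updating, administrators can check the writable-share precondition described above on their own servers. The following is an added example, not code from the original post or from the Samba project: a small audit that parses smb.conf text and lists every share that accepts writes, with its path. The function names, share names and paths are assumptions made up for the illustration.

```python
import re

TRUE = {"yes", "true", "1"}
# smb.conf synonyms; "read only" is the inverse of the three "writable" spellings.
WRITE_KEYS = {"readonly": True, "writable": False, "writeable": False, "writeok": False}
# Constructed sample configuration (share names and paths are made up).
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
[public]
   path = /srv/samba/public
   read only = no
[docs]
   ; no write setting here: Samba shares are read-only by default
   path = /srv/samba/docs
[scans]
   path = /srv/samba/scans
   read only = yes
   writeable = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; a later setting overrides an earlier one."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = re.sub(r"\s+", "", key).lower()  # names ignore case and spaces
            if key in WRITE_KEYS:  # fold all four spellings into one boolean
                current["writable"] = (value.lower() in TRUE) != WRITE_KEYS[key]
            else:
                current[key] = value
    return sections

def writable_shares(text):
    """List (share, path) for every share that accepts writes."""
    conf = parse_smb_conf(text)
    found = []
    for name, params in conf.items():
        merged = {**conf.get("global", {}), **params}  # [global] supplies defaults
        if name != "global" and merged.get("writable", False):
            found.append((name, merged.get("path", "(unset)")))
    return found
```

Feeding it the output of `testparm -s` rather than the raw file lets Samba resolve included files first. Whether port 445 is reachable from the Internet still has to be checked at the firewall.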
Blog Post: https://www.techzata.com/sambacry-exploited-by-hackers-to-attack-linux/