This dangerous new Windows botnet is growing fast

(Image credit: Shutterstock / Jaiz Anuar)

Security researchers have discovered that a long-established Windows malware family has adopted a new attack vector that lets it infect machines at an alarming rate.

Amit Serper and Ophir Harpaz from security specialists Guardicore spotted the Purple Fox malware exhibiting the new trait in an ongoing campaign.

“While it appears that the functionality of Purple Fox hasn’t changed much post exploitation, its spreading and distribution methods – and its worm-like behavior – are much different than described,” the researchers write in a blog post breaking down the malware.


Worst is still to come

The researchers note that the Purple Fox campaign was first discovered in March 2018 and targeted the Internet Explorer web browser with various privilege escalation exploits, usually delivered through phishing emails.

However, around the end of last year, the researchers observed the malware actively scanning for Internet-connected Windows machines and brute-forcing its way into them. The new technique has proved highly effective: the duo observed the number of infected machines balloon by 600% in under a year.

The researchers believe the individuals behind the campaign have repurposed about two thousand Windows servers for the attacks. These servers run relatively old versions of the IIS web server and Microsoft FTP with known, exploitable vulnerabilities. Once the malware cracks a machine's password, it connects to one of these compromised servers to fetch and install a rootkit that hides it from detection.
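The two paragraphs above describe the observable side of this behaviour from a defender's point of view: a single source hammering many hosts with failed logons, a burst of failures, and then a success that marks a cracked password. The following Python is an added example, not code from the article or from Guardicore, showing how such a pattern can be picked out of authentication logs. The log format (timestamp, source IP, destination host, account, outcome), the sample lines and the thresholds are all constructed assumptions for this illustration; the article does not name the protocol being brute-forced, so the example works on generic logon outcomes.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from the article or Guardicore's report).
# Assumed format: "<ISO timestamp> <source IP> <destination host> <account> <FAIL|OK>"
SAMPLE_LOG = """\
2021-03-23T10:00:01 198.51.100.7 host-a administrator FAIL
2021-03-23T10:00:02 198.51.100.7 host-a administrator FAIL
2021-03-23T10:00:03 198.51.100.7 host-b administrator FAIL
2021-03-23T10:00:04 198.51.100.7 host-b admin FAIL
2021-03-23T10:00:05 198.51.100.7 host-c administrator FAIL
2021-03-23T10:00:06 198.51.100.7 host-c administrator OK
2021-03-23T10:05:00 203.0.113.4 host-a alice FAIL
2021-03-23T10:05:30 203.0.113.4 host-a alice OK
2021-03-23T11:00:00 192.0.2.9 host-d bob OK
"""

# Assumed tuning values; a real deployment would set these from its own baseline.
WINDOW = timedelta(seconds=60)   # sliding window per source IP
FAIL_THRESHOLD = 5               # failures inside WINDOW => brute force
HOST_THRESHOLD = 2               # distinct targets inside WINDOW => spreading


def parse_line(line):
    """Split one log line into (timestamp, source, host, account, succeeded)."""
    ts, src, host, account, outcome = line.split()
    return datetime.fromisoformat(ts), src, host, account, outcome == "OK"


def detect_bruteforce(log_text, window=WINDOW,
                      fail_threshold=FAIL_THRESHOLD, host_threshold=HOST_THRESHOLD):
    """Scan log lines in order and return findings, each a dict with
    'kind' (spread | bruteforce | cracked), 'source' and a short 'detail'.
    Each (source, kind) pair is reported once."""
    recent = defaultdict(deque)   # source IP -> events inside the sliding window
    flagged = set()               # (source, kind) already reported
    findings = []

    def report(kind, src, detail):
        if (src, kind) not in flagged:
            flagged.add((src, kind))
            findings.append({"kind": kind, "source": src, "detail": detail})

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, host, account, ok = parse_line(line)
        events = recent[src]
        events.append((ts, host, account, ok))
        # Drop events that have fallen out of the window (deque is never empty here).
        while ts - events[0][0] > window:
            events.popleft()

        failures = [e for e in events if not e[3]]
        targets = sorted({e[1] for e in failures})

        # One source failing against several hosts: scanning/spreading, not a typo.
        if len(targets) >= host_threshold:
            report("spread", src,
                   f"failed logons against {len(targets)} hosts: {', '.join(targets)}")
        # Burst of failures from one source: password guessing.
        if len(failures) >= fail_threshold:
            report("bruteforce", src,
                   f"{len(failures)} failed logons within {int(window.total_seconds())}s")
        # A success right after a burst of failures: the password was cracked.
        if ok and len(failures) >= fail_threshold:
            report("cracked", src,
                   f"successful logon to {host} as {account} after {len(failures)} failures")
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG):
        print(f"[{finding['kind']}] {finding['source']}: {finding['detail']}")
```

The single failure followed by a success from 203.0.113.4 is deliberately left unflagged: requiring the same failure threshold before a "cracked" finding keeps an ordinary mistyped password from tripping the alert, while the source that works through three hosts and five failures before getting in is reported three times, once per kind of evidence.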

What makes the campaign especially dangerous, beyond its very effective attack vector, is that the researchers are not yet sure what it is for. “We assume that this is laying the groundwork for something in the future,” said one of the researchers speaking to TechCrunch.

Via: TechCrunch

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.