Cryptocurrencies once took the internet by storm and almost every computer nerd was into mining in no time, but with the increased difficulty level as well as the cost of hardware, making a fortune by mining these currencies is no longer that easy.
However, a botnet was recently discovered consisting of more than 15,000 compromised servers that has been used to mine various cryptocurrencies, earning its creator around $25,000 per month.
Essentially, the person behind this compromised server farm is using thousands of vulnerable servers across the internet to mint money for himself by using their computing power. This botnet was first spotted in December 2016 by GuardiCore researchers, who traced the botnet malware's developer, using the online handle Bond007.01, back to China. Hence, the botnet is now known as Bondnet.
So far, from the research done by GuardiCore researchers, Bond007.01 is currently using Bondnet for mining cryptocurrencies — primarily Monero, but also ByteCoin, RieCoin, and ZCash. There is no evidence of any other malicious use of these servers. But the researchers warn that the hacker could easily take full control of the compromised servers for illegal purposes, such as mounting Mirai-style DDoS attacks.
Obviously the hacker will not do any harm to these servers, as they are making money for him. He is using only machines running Windows Server, most of them Windows Server 2008 R2. The common flaws exploited by the botnet operator include known phpMyAdmin configuration flaws, exploits in JBoss, and bugs in Oracle Web Application Testing Suite, MSSQL servers, ElasticSearch, Apache Tomcat, Oracle WebLogic, and other services.
Another interesting thing is that not all servers are used for mining: some are being used to find other vulnerable servers, while a few serve as file servers providing hacking-related data and files. Other infected servers are turned into command-and-control (C&C) servers after being equipped with a fork of goup — a small open source HTTP server written in Golang.
Overall, this is one of the cleanest and most precise hacking incidents, where the hacker is able to generate money yet most of the server owners are not even aware of it. If you have Windows Server running on your machine, it is advised to check your system and apply the latest software patches. You may also use the tools provided by GuardiCore researchers to clean up your system.