Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security IT Technology

Thousands of Enterprise Systems Infected by New Blue Mockingbird Malware Gang (zdnet.com) 44

Thousands of enterprise systems are believed to have been infected with a cryptocurrency-mining malware operated by a group tracked under the codename of Blue Mockingbird. From a report: Discovered earlier this month by malware analysts from cloud security firm Red Canary, the Blue Mockingbird group is believed to have been active since December 2019. Researchers say Blue Mockingbird attacks public-facing servers running ASP.NET apps that use the Telerik framework for their user interface (UI) component. Hackers exploit the CVE-2019-18935 vulnerability to plant a web shell on the attacked server. They then use a version of the Juicy Potato technique to gain admin-level access and modify server settings to obtain (re)boot persistence. Once they gain full access to a system, they download and install a version of XMRRig, a popular cryptocurrency mining app for the Monero (XMR) cryptocurrency.
This discussion has been archived. No new comments can be posted.

Thousands of Enterprise Systems Infected by New Blue Mockingbird Malware Gang

Comments Filter:
  • That's a good thing (Score:3, Informative)

    by Anonymous Coward on Monday May 25, 2020 @03:48PM (#60103464)

    If you're dumb enough to be running windows, the should be some cost involved.

    • by DontBeAMoran ( 4843879 ) on Monday May 25, 2020 @05:34PM (#60103712)

      My house has seven windows, am I at risk?!

    • by vlad30 ( 44644 )
      Question is they mine cryptocurrency using stolen resources. Technically the Crypto is stolen, so if you get paid by this crypto you have received stolen goods. When the authorities come knocking can you prove the Crypto you have isn't this stolen Crypto
      • by Z00L00K ( 682162 )

        And as an extension - those that are behind Monero and other digital currencies - might also be held responsible for the "untraceability" of the transactions.

    • Kids on a lemonade stall is an enterprise. Delivering newspapers or junkmail - an enterprise. Buying a software product that purports to be enterprise still a primary school level. Back in 1980, banks defined enterprise as bulletproof, and back then had the clout to punish boeingesque software pushers for being less that 99.9%. The MS wheeled out toy OS's with toy(flawed protocols) and never did a belts and brace audit. Now these intruders are a criminal enterprise, but as we say crooks are dumb, dirt dum
  • by williamyf ( 227051 ) on Monday May 25, 2020 @04:29PM (#60103560)

    ... Maybe the Excalibur could help.

    Upsss

    Sorry, wrong franchise.

  • Really? Monero? How much money are they really making from this? I bet it's less than if they just got programming jobs. The virus has proved remote workers are viable, so there's even less excuse than before.
  • Telerik (Score:5, Insightful)

    by phantomfive ( 622387 ) on Monday May 25, 2020 @04:39PM (#60103588) Journal
    I spent a year working with Telerik. On the surface it seemed nice because there were a lot of nice looking components. It turned out later that integrating them was kind of a pain, and there were a lot of edge cases that were hard to handle. Eventually I told my manager, "I'm going to write this component myself" and it worked so much better that we gave up on Telerik. If you want your components to look good, you're better off hiring a designer than paying them.

    YMMV.
    • Sorry, it's been a day. Originally i thought you worked with (or for) telerek, but later got the impression you were working with their control product.

      The latter interested me more, we work with Infragistics' Ultra controls, and I couldn't agree with you more.

      Except that I find them unnessecarily heavy, and almost over polished looking. The software doesnt even remotely resemble anything else on the system, I guess sort of how like a qt app stands out near a bunch of gtk apps.

    • Re:Telerik (Score:5, Insightful)

      by bobcat7677 ( 561727 ) on Monday May 25, 2020 @09:28PM (#60104194) Homepage
      This story has been repeated literally thousands of times. Step 1: Everyone: Oooh, Telerik! [old guy in the back of the room: "This is not a good idea..."] Step 2: Everyone: Maybe this wasn't such a good idea? Step 3: But Telerik gives us so much, and we already invested a ton of time and money in it, lets see if support will help us bend it to our will! Step 4: There is just no way to do what we need to do given the limitations of Telerik...time to refactor...but we are going to have to live with some partial-Telerik bastardization. Step 5: Much weeping and nashing of teeth. Step 6: [old guy in the back of the room: "told you so..."] [now] Step 6a: Virus exploits Telerik framework and hijacks your production servers. [old guy in the back of the room: "I REALLY f*cking told you so..."]
      • Re:Telerik (Score:5, Insightful)

        by Tablizer ( 95088 ) on Monday May 25, 2020 @10:07PM (#60104244) Journal

        old guy in the back of the room: "told you so..."

        One of the reasons nobody wants to hire old IT people is because the org can't handle real experience with a critical eye. They want co-conspirators in bullshit and eye-candy. After you've seen several rounds of bullshit, you know what it smells like.

  • by Joe2020 ( 6760092 ) on Monday May 25, 2020 @05:33PM (#60103708)

    I actually got the middle part of the technical explanation: juicy potato.

    • The middle - you mean the space between the two words? Yeah, I get that too.
      • The middle - you mean the space between the two words? Yeah, I get that too.

        No, I do get the juicy potato. I have no fucking idea what the rest tastes like.

    • by vlad30 ( 44644 )
      No wonder there are so many people breaking into systems it used to hard to get these exploits or you had to develop them yourself now a quick google with give it to you on git hub.

      the dilemma is do you put these up and risk everyone's machine or lock it away until the fix is applied or give notice to the company and give them 14 days to fix it

  • Title (Score:4, Funny)

    by StormReaver ( 59959 ) on Monday May 25, 2020 @08:17PM (#60104096)

    Thousands of Enterprise Systems Infected by New Blue Mockingbird Malware Gang

    Man, Kirk is gonna be pissed.

    • Thousands of Enterprise Systems, I take it in thousands of different Universes?
      • by Bert64 ( 520050 )

        A starship is a very complex machine that has lots of onboard systems, maybe even thousands on a single ship...

      • by Tablizer ( 95088 )

        Thousands of Enterprise Systems, I take it in thousands of different Universes?

        and in none of them do I get a date with that green babe.

Do molecular biologists wear designer genes?

Working...