Cryptocurrency Mining and Ransomware Targets MS SQL Servers with CLR S

Asec, a cybersecurity firm, discovers a new type of malware designed to exploit poorly managed Microsoft SQL servers. The malware uses a technique called CLR stored procedure to install malware on them using the xp_cmdshell command. This new piece of code allows attackers to execute commands in a Windows command shell and receive an instruction as input for execution. Examples of the malware include backdoors, coin miners, and proxyware. It can also execute malicious commands received from threat actors in a way similar to WebShell. According to Asec, this is the latest addition to the list of ransomware and cryptocurrency miners that can be found in SQL servers infected with this new kind of nasty code. CVE-2015-0167 describes the capabilities of this new class of malware in more detail

#shorts #techshorts #technews #tech #technology #stored procedure #malware #MS SQL