Our web honeypots picked up some interesting attack traffic. The initial web application attack vector (PHP-CGI vulnerability) is not new, but the malware payload is. We wanted to get this information out to the community quickly due to the following combined threat elements:
Active exploit attempts to upload/install the malware
The overall low detection rates among AV vendors
The malware is actively being sold in underground forums
More here: http://blog.spiderlabs.com/2014/09/honeypot-alert-bossabotv2-irc-botnetbitcoin-mining-analysis.html