Krebs On Security has been around for many years now, and recently celebrated a birthday in December. With the age of the domain and the excellent writing comes the potential for your name and likeness to turn up in malware.
In an article titled "No, I Did Not Hack Your MS Exchange Server," Brian Krebs talks about a domain called KrebOnSecurity_top, which is not a safe web site to visit.
I put the underline in place of the dot, instead of putting brackets, which is common to show unsafe URLs when writing about them.
New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name.
David Watson, who is a longtime member of the Shadowserver Foundation, was quoted within this article. It says:
David Watson, a longtime member and director of the Shadowserver Foundation Europe, says his group has been keeping a close eye on hundreds of unique variants of backdoors (a.k.a. “web shells”) that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. These backdoors give an attacker complete, remote control over the Exchange server (including any of the server’s emails).
According to the article, the new location the attackers are utilizing is quite different from anything Shadowserver has seen before. There are at least 367 web shell access points, according to the article.
There's tons more to read, including what the krebsonsecurity.exe file does and the IP address mentioned within the article.
"No, I Did Not Hack Your MS Exchange Server" is the article that you should read, and thanks for reading!