Server mining Trojan TMP

1. You can install some anti-virus software on the computer, such as computer housekeeper, and then keep it on
to prevent viruses from entering the computer

2. This trojan takes advantage of the "eternal blue" vulnerability to attack and spread in the local area network. It builds a robust botnet of the infected machine, supports the self-renewal of the intranet, and lurks in the computer for a long time to extract Monroe money. Because most ordinary personal computers have been patched by windows security update and Tencent computer manager and other security software, they are basically not affected by wanna miner. It is suggested that if the suspected wanna miner mining Trojan horse is found, the poisoned machine can be located and isolated in time. It can be judged by scanning port 26931. If the port is open, the host has been infected; If you need to patch the intranet, all the computers that have not been patched. It is suggested that professional terminal security management software should be installed in the whole network, such as Tencent Yudian. The administrator should carry out mass antivirus and patch installation for the whole network to avoid unnecessary losses.

3.

a new customer recently consulted with sine security company, saying that his server often fails to open the website of the card, and the remote connection to the server is extremely slow. Sometimes the Ping value reaches 300-500, and he often switches. After listening to the customer's words,

will generally judge that he has been attacked by CC + DDoS mixed traffic, It's strange to say that there is no traffic attack on the computer room. It's not a traffic attack, but it also causes the server card and website to fail to open. What kind of attack is this? In order to solve the problem of

client server card, we immediately arranged a security engineer to carry out security detection and deployment on his Linux server

{rrrrrrr}

Mining Trojan horse is also designed. If the mining process is forced to stop by customers, it will automatically start to continue mining to achieve uninterrupted mining.

careful inspection shows that it is through setting the hourly task plan, remotely downloading shell mining Trojan horse, and then executing, Check whether the current process exists or not. If not, start the Trojan horse to mine

a detailed security inspection was carried out on the client's Linux server. It was found that fortunately, there was no encrypted server data, and the worm was infected with the disease

virus. If the data was encrypted, the loss would be great. The client was a platform, and the client's data was very important. After finding out the mining Trojan horse,

do customers need to know how the server is attacked? Was the Trojan horse uploaded? It can prevent the attack

in the later stage

through the security detection and analysis of our security engineers, we found that the server uses Apache Tomcat environment, the open architecture of the platform is JSP + Oracle database, and Apache Tomcat uses the version of 2016, which leads to the serious remote command execution vulnerability of Apache, Through this vulnerability, the intruder can directly invade the server and get the administrator permission of the server,

sine security engineer immediately repairs the Apache vulnerability and clears the Trojan horse. So far, the problem has been solved, the client server

runs stably, and the network station opens normally