SambaCry Vulnerability Used to Deploy Backdoors on NAS Devices
By Catalin Cimpanu | July 18, 2017
Someone is using the SambaCry vulnerability to install a backdoor trojan on Linux devices running older versions of the Samba file-sharing server.
According to experts from Trend Micro, most of the attacks have targeted network-attached storage (NAS) appliances, some of which ship with the Samba server to provide file-sharing interoperability between different operating systems.
SHELLBIND backdoor deployed via SambaCry exploit
The malware, nicknamed by researchers SHELLBIND, leverages a vulnerability named SambaCry (or EternalRed) that was publicly disclosed at the end of May 2017.
The vulnerability — CVE-2017-7494 — affects all versions of the Samba software released in the last seven years, from version 3.5.0 onwards.
Two weeks after the Samba team patched its software and vulnerability details became public, someone used SambaCry to infect Linux servers and install a cryptocurrency miner named EternalMiner.
Read the full article here
