CPU-miner Installed via Windows OS Vulnerability

This content is 2 years old. Technology changes with time. Keep that in mind as you read this article.

Update 5/6/2017: Close port 445 and apply MS17-010.

I have triaged a handful of Windows servers this week that started out being ticketed as high CPU / performance issues.

Upon investigation, I have found XMR cryptocurrency miners being installed through a Windows OS vulnerability.
