GoldBrute: all about the army of robots that already scans the Internet
GoldBrute's operation is very simple. First, it launches a brute-force attack to gain access to Windows systems that are vulnerable over Remote Desktop. Second, it downloads a ZIP file containing the malware code. GoldBrute then starts scanning the Internet for other vulnerable machines. When it has found a total of 80 computers, it sends their IP addresses to a remote server. The process is repeated on each of these vulnerable machines.
The problem is that this botnet does not stop growing, and it is hard to quantify the number of infected computers. Another problem is that, for the moment, it is quite difficult to stop, because the system it uses on each infected computer prevents security solutions from removing it.
Interest in exploiting Remote Desktop vulnerabilities has grown exponentially since Microsoft confirmed BlueKeep, a critical flaw that was patched in May. It was present in Windows XP, Windows 7, Windows Server 2008 and 2008 R2. The other day we commented that an attack on Windows 7 and Windows XP that takes advantage of this vulnerability is already available.
The "good" news confirmed by security researchers is that attacks against Remote Desktop and vulnerable devices continue to rely on brute force instead of taking advantage of critical flaws such as BlueKeep or other serious flaws in Windows RDP.
Microsoft and even the NSA are asking all users to take action and apply security patches. If you do not use Remote Desktop, it is best to disable it. If this is not possible, it is recommended to enable Network Level Authentication (NLA) or block TCP communications on port 3389.
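To check a host against these three recommendations, the following PowerShell is an added example, not code from the article or from Microsoft. The function names `Get-RdpExposure` and `Set-RdpMitigation` are hypothetical, and the firewall lookup assumes the English display name of the built-in "Remote Desktop" rule group.

```powershell
# Added example: audit one Windows host against the mitigations named above.
# Run from an elevated PowerShell session on the host being checked.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    $ts  = Get-ItemProperty -Path $tsKey
    $rdp = Get-ItemProperty -Path $rdpKey

    $rdpEnabled  = ($ts.fDenyTSConnections -eq 0)    # 1 = Remote Desktop disabled
    $nlaRequired = ($rdp.UserAuthentication -eq 1)   # 1 = NLA required before logon

    # Enabled inbound allow rules in the built-in firewall group.
    # Assumption: English display name; the group name is localized on other systems.
    $allow = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    $finding = if (-not $rdpEnabled) {
        'OK: Remote Desktop is disabled'
    } elseif (-not $nlaRequired) {
        'RISK: Remote Desktop is enabled without NLA'
    } elseif ($allow.Count -gt 0) {
        'REVIEW: NLA is on, but the host firewall allows inbound RDP'
    } else {
        'OK: NLA is on and no inbound RDP allow rule is enabled'
    }

    [pscustomobject]@{
        RdpEnabled        = $rdpEnabled
        NlaRequired       = $nlaRequired
        ListenerPort      = $rdp.PortNumber          # 3389 unless changed
        InboundAllowRules = $allow.Count
        Finding           = $finding
    }
}

function Set-RdpMitigation {
    param([switch]$DisableRdp)
    if ($DisableRdp) {
        # Remote Desktop is not needed: turn it off and close the firewall rules.
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
        Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    } else {
        # Remote Desktop must stay on: require NLA.
        Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1
    }
}

Get-RdpExposure | Format-List
```

The audit only covers the host's own Windows Firewall; a perimeter firewall or cloud security group that exposes port 3389 has to be checked separately.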
Source: sound of the computer