Last month, the Open-source Content management system Drupal released a high-risk vulnerability warning that basically affected all Drupal sites or more than 1 million sites. The bulletin said that a remote code execution vulnerability was found within several subsystems of Drupal 7.x and 8.x, potentially causing the site to be completely compromised. Qihoo 360 Researchers report that multiple malicious programs are exploiting the vulnerability. One group of malware has worm-propagation behavior, with significantly more infections than other malicious software. The researchers named the botnet Muhstik, as the binary file name and the communication protocol contain the string in multiple places. Muhstik botnet is quite complex, hard coded 11 C2 domain/IP, the profit way includes dig to take XMR digital token, dig take BTC digital token, and DDoS attack.
* Source: solidot.org
More information
◈ Chinese hackers accused of attacking Japanese defense contractors
Http://t.cn/Rubl9tX
◈ Microsoft secretly Zuogeng let opera not correctly show MSN appearance will push users to IE
Http://t.cn/Rubl98q
◈ exploits "hacker" hacked into online mall and was sentenced to 1.5
Http://t.cn/RublC21
◈ in response to information disclosure: has initiated verification and investigation and reported to the police
Http://t.cn/RublCNm
(Information from the network, An Huaqin and collation)