Widespread malware attack after thousands of servers infected

Today’s enterprises must ensure that all hardware used for business purposes – from individual workstations and mobile devices to the overall network – is adequately protected against cyberattacks. Depending on the sample, current malware infections can spread from one system to another, making it increasingly important to have an overarching security plan, including server safeguards such as restore software like Deep Freeze Server.

Recently, security researchers discovered a large-scale malware attack, being called “Operation Windigo,” that infected a considerable number of servers and sent out millions of spam emails. This resulted in the widespread infection not only of the servers, but of the user devices utilized to open the malicious messages as well.

Windigo: Growing attack campaign
Although this strain resurfaced in March 2014, it has been on security experts’ radar since it was first uncovered in 2011. Researchers recently published a report on the Windigo attack campaign, noting that it mainly targets servers connected with, or belonging to, the Linux Foundation, as well as systems associated with cPanel Web hosting control panel developers.

The server malware sample has been primarily active for 36 months, during which it infiltrated and jeopardized more than 25,000 servers. Once infected, the malware forced the hardware to disperse over 35 million spam emails on a daily basis, putting Windows Web users at risk of drive-by malware attacks. Furthermore, it can also display malicious banner advertisements for pornography on any type of computer.

In the report, experts noted that this infection may seem small scale in comparison to other attacks where millions of workstations may have been compromised, but in this case, each infected system is a server, not an individual computer.

“These [servers] usually offer services to numerous users and are equipped with far more resources in terms of bandwidth, storage and computation power than normal personal computers,” researchers stated. “A denial of service attack or a spam-sending operation using one thousand servers is going to be far more effective than the same operation performed with the same number of desktop computers.”

Protecting servers from malware attacks
For this reason, it is vital to ensure that servers and other network systems are safeguarded against these kinds of attacks.

One step organizations can take is to implement a monitoring solution that oversees network activity and alerts individuals to any suspicious actions that could point to a malware infection. Administrators should also seek to deploy a reboot-to-restore solution like Deep Freeze, which can bring the system back to pre-infection settings upon being reset.

About The Author

Kate Beckham

Kate has been lighting up the blogosphere for over 5 years, with a keen interest in social media and new malware threats. When not sitting at a café behind her Mac, you’ll usually find her scouring the racks for vintage finds or playing guitar.
