Hello, welcome to the Tuesday, January 9th, 2018 edition of the Sands and its Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

If you run Weblogic and PeopleSoft, two of the big Oracle products,

then you probably are very concerned about all the data that you have

stored on these systems.

Well, we do have an attack that is going around using a fairly new exploit against vulnerability

that was patched originally in October.

This particular exploit, however, isn't actually going after

your data. Renato has a great short write-up about one of these attacks. It really only

went after installing a crypto coin miner on these systems. You have obtained a list of possible infected systems.

Right now it looks like they're in the order of 7 to 800 systems that are infected just by one

of the campaigns doing it. We have seen two, possibly three different variations of these attacks

in the last week or so.

So if you are running WebLogic, absolutely make sure that you have this October patch applied.

If not, double-check the CPU load on the system.

It may be a little bit hot.

Now, the good part about this is that this particular malware isn't

going after the data on these systems at all. It's really just ignoring that, even though the

exploit is somewhat specific to this type of system. And on Tuesday, we'll have a second article about this particular campaign, actually about

the variations of these campaigns, including some of the estimates of how much money you

can earn with crypto mining like this.

And fake antivirus, it was like really big a couple of years ago, then sort of went away.

...