There are many security threats that can put Windows systems at risk, and many varieties of malware that can, in one way or another, affect their proper functioning. Today we cover Purple Fox, a new security problem whose mission is to scan for vulnerable Windows systems.

Purple Fox is malware that was previously distributed via exploit kits and phishing emails. However, it has now added a module that allows it to scan for and infect Internet-accessible Windows systems and carry out attacks.

This malware has rootkit and backdoor capabilities. It was first detected in 2018 after infecting more than 30,000 devices and is used as a downloader for other malware strains. This is not the first time this threat has set its sights on Windows systems.

One of its capabilities is infecting Windows users through their web browsers after exploiting memory corruption and elevation-of-privilege vulnerabilities.

However, in recent months, Purple Fox attacks have intensified significantly, reaching a total of 90,000 attacks and 600% more infections, according to Guardicore Labs security researchers Amit Serper and Ophir Harpaz.

Devices caught in this botnet include Windows Server machines running IIS version 7.5 and Microsoft FTP, as well as servers running Microsoft RPC, Microsoft SQL Server 2008 R2, Microsoft HTTPAPI httpd 2.0 and Microsoft Terminal Service.

Although Purple Fox's new worm-like behavior allows it to infect servers by forcing access through vulnerable SMB services exposed to the Internet, it also uses phishing campaigns and web browser vulnerabilities to distribute its payloads.

If you want to keep an eye on the sites affected by this threat, this document lists the Purple Fox MSI launch sites and connection servers: https://github.com/guardicore/labs_campaigns/tree/master/Purple_Fox

