Crooks are using the xDedic underground marketplace to sell or rent hacked servers belonging to various companies.
- Businesses should act to reduce the likelihood of compromise by cyber attackers exploiting the Remote Desktop Protocol, warns the FBI. Criminal entity using the tool xDedic RDP Patch.
- The forum provides members with tools to patch RDP (Remote Desktop Protocol) servers to support multiple user logins, as well as other hacking tools, such as proxy installers and sysinfo collectors. The main goal of the xDedic forum is to facilitate the buying and selling of credentials for hacked servers which are available through RDP.
The marketplace, which launched two years ago and is hosted in an Eastern European country, currently lists over 70,000 servers from all over the world and covering a variety of setups and technologies.
Authorities said they believe that xDedic facilitated more than $68,000,000 in fraud. In September 2018, the FBI sent out a public service announcement about hackers increasingly abusing RDP.
Kaspersky, the security firm that discovered xDedic, says the marketplace's owners don't sell anything but only provide a platform where criminals can advertise their hacked servers, similar to the eBay business model.
xDedic team provides their own RDP client to connect to hacked servers
All servers advertised on xDedic are vetted before being published on the market, and constantly updated. xDedic's owners use automatic scanning tools to verify if the hacked servers are accessible as the seller is claiming. These tools also return server hardware details, open ports, and a list of installed software pieces.
Sellers rarely install their own software on hacked servers and usually leave the original apps in place. The only thing they sometimes install is server patches to allow for multiple RDP sessions.
The xDedic team even created their own Windows RDP client, which connects to the service's database, gets a user's purchase history, and auto-fills connection info for any of the hacked servers bought by the customer.
Servers running e-commerce and PoS software are in high demand
The average server rental price is $6. This low price allows criminals to acquire a vast infrastructure that they can use to host and launch other cyber-attacks.
Servers with e-commerce or PoS software installed are the hottest items, allowing criminals to rent the server, access it, and deploy credit card stealers or PoS malware.
Most of these servers are compromised via brute-force attacks, after leaving ports open for sensitive services, such as RDP.
SCCLIENT malware is behind many hacked servers
After investigating the service and some of the hacked servers, Kaspersky experts claim that hackers compromised a large number of these servers using the SCCLIENT malware.
The company adds that xDedic sellers Narko, xLeon, or sirr may be behind the SCCLIENT malware. These sellers are ranked third, fourth, and fifth in xDedic's top sellers for May 2016.
Kaspersky says it managed to sinkhole five of the eight C&C servers used by the SCCLIENT malware and discovered over 3,600 infected hosts in the first twelve hours alone.
The security firm also details that it teamed up with a European ISP in order to collect data about the xDedic service, which they have now forwarded to the appropriate law enforcement authorities.
UPDATE: xDedic is now offline. At the time of publishing, the market was online and functional.
What can hackers do to a server once they’ve broken into it? A lot. Some install malware and make it part of a botnet. Others steal valuable data stored within. Still others, like those mentioned in this post, sell login credentials at shady marketplaces in the Dark Web.
Thousands of servers for sale
Earlier this month, researchers at Kaspersky revealed yet another alarming discovery in the field of cybercrime. Login credentials to over 70,000 hacked servers were being sold at an online marketplace known as xDedic. Like many underground online marketplaces where tech-savvy crooks trade illicit goods, xDedic can only be reached through the Dark Web.
Apparently, hacked servers are very affordable. Prices for hacked servers were found to go as low as 6 USD. Most of the servers were located in Brazil, China, Russia, India, Spain, Italy, France, Australia, Republic of South Africa, and Malaysia.
Launched in 2014, xDedic gained its reputation as a leading source of compromised server login credentials when 3,000 servers were added to its inventory sometime in 2015. Business has boomed since then.
Tools of the trade
xDedic not only provides a platform for buying and selling hacked servers. It also offers both buyers and sellers tools they can use in finding servers that suit their specific objectives as well as carrying out remote administration via RDP.
One example is a tool used by sellers to scan a hacked system and obtain relevant information such as the Windows version, size of RAM, type of CPU, whether ports 25 and 80 are open, type of VM used, antivirus installed, upload/download speeds, and so on. The same profiling tool is used to search for an RDP service on the server and then to patch it if any is found.
The patch modifies the RDP settings to allow multiple user logins, which would enable a buyer to access the server without alarming the server’s legitimate administrator. The buyer could then access the hacked server through xDedic’s own RDP client.
What can buyers do with a hacked server?
A hacked server can open up a lot of opportunities to a buyer, especially one who operates in the cybercrime industry. Because most of these servers have not yet been blacklisted by blacklisting engines and web reputation sites, they’re perfect for a variety of cyber attacks, including ransomware, malvertising, DDoS, phishing, and many others.
Of course, if a server also happens to store sensitive data or provide access to storage systems that contain it, a buyer who specializes in identity theft could have a field day.
The Kaspersky researchers observed a marked interest for servers containing accounting, tax reporting and point-of-sale (POS) applications. Apparently, buyers need these applications for carrying out fraudulent operations. By making use of existing software, attackers can avoid arousing attention.
What countermeasures can help?
Servers that end up at xDedic acquire certain characteristics that can help cybersecurity specialists determine whether a server has been hacked. For instance, the profiling tool mentioned earlier, which is installed on a hacked server after the server is compromised (usually through brute-force attacks), communicates with certain Command-and-Control locations.
In addition, it has been found that the hacked servers are also infected with other pieces of software, including a certain Trojan, bitcoin mining software, and a wrapper for a proxy tool, among perhaps others. For more details about xDedic and these malicious tools, refer to the Kaspersky report on the subject.
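Since these servers are usually taken over through brute-force attacks on RDP, the Windows Security log is a practical place to look for the initial compromise. The following is an added example, not code from Kaspersky or from the original post: it flags a source address that produces a burst of failed logons (event 4625) and then a successful one (event 4624). The record layout, the threshold and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is RemoteInteractive (RDP);
# type 3 (network) is how RDP attempts are recorded when Network Level Authentication is on,
# but it also covers other network logons such as SMB, so expect some noise.
SAMPLE = """\
2016-06-15T02:10:01,4625,3,203.0.113.7,administrator
2016-06-15T02:10:04,4625,3,203.0.113.7,administrator
2016-06-15T02:10:09,4625,3,203.0.113.7,admin
2016-06-15T02:10:15,4625,3,203.0.113.7,administrator
2016-06-15T02:10:22,4625,3,203.0.113.7,administrator
2016-06-15T02:10:30,4625,3,203.0.113.7,administrator
2016-06-15T02:10:41,4624,10,203.0.113.7,administrator
2016-06-15T08:59:10,4625,10,198.51.100.20,jsmith
2016-06-15T08:59:40,4624,10,198.51.100.20,jsmith
2016-06-15T09:05:00,4624,2,-,backup_svc
"""

RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, user = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), logon_type, ip, user

def find_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed logons inside `window`, and record
    the first account that later logs on successfully from the same source."""
    failures = defaultdict(list)  # source IP -> recent failure timestamps
    alerts = {}
    for ts, event_id, logon_type, ip, user in sorted(parse(text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue  # ignore console, service and other local logons
        if event_id == 4625:
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                alert = alerts.setdefault(ip, {"failures": 0, "logon_after_failures": None})
                alert["failures"] = max(alert["failures"], len(failures[ip]))
        elif event_id == 4624 and ip in alerts:
            if alerts[ip]["logon_after_failures"] is None:
                alerts[ip]["logon_after_failures"] = user
    return alerts

if __name__ == "__main__":
    for ip, alert in find_bruteforce(SAMPLE).items():
        print(ip, alert)
```

A source that appears in the result with a non-empty `logon_after_failures` is the case to investigate first: the guessing stopped because a password worked.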
Of course, prevention is always preferable to treatment. Once you’ve determined that your servers are safe, you should carry out server hardening to prevent future compromises.