New BoSSaBoTv2 botnet targeting vulnerable Servers

  • 16 September 2014
by Pierluigi Paganini on September 16th, 2014
 

Trustwave has detected a new series of attacks on servers worldwide that exploit an old CGI-PHP vulnerability to spread the BoSSaBoTv2 botnet.

It was 2012 when security experts discovered a security flaw (CVE-2012-1823) in some PHP builds that could be exploited by a threat actor to remotely execute commands on the affected server, if PHP was configured as a CGI script (PHP-CGI) at the time.
Security experts have recently discovered that the old CGI-PHP vulnerability is now being exploited on a large scale to recruit machines for a botnet whose primary purpose is to mine Bitcoin. The researchers have detected different reconnaissance activities on a large scale: attackers were scanning for the above flaw in an automated fashion, and the operations were linked to various attacks over the years.
http://securityaffairs.co/wordpress/wp-content/uploads/2014/09/BoSSBoTv2-malware-IDS-alert.png
 