https://www.theregister.com/2021/04/14/fbi_exchange_server_malware_deletion/
"The FBI deleted web shells installed by criminals on hundreds of
Microsoft Exchange servers across the United States, it was revealed on Tuesday."
"The Feds were given approval by the courts to carry out the deletions,
which occurred without first warning the servers' owners, following the discovery and exploitation of critical vulnerabilities in the enterprise software."
I think this is a good thing. It was probably faster to get the malware
to go away in this manner. I remember the old 'Code Red' exploit that
created a back door into 'CMD.EXE'. It was in memory, so in theory you
could shut down the service from the exploit hole and end the problem.
"Failing to restart it too" would be a side benefit [to prevent re-exploitation]
"Shortly after Microsoft raised the alarm early last month over the
security holes in Exchange and provided fixes for the vulnerabilities, miscreants swarmed to exploit the programming blunders and hijack
unpatched installations."
<quote>
“Although many infected system owners successfully removed the web shells
from thousands of computers, others appeared unable to do so, and
hundreds of such web shells persisted unmitigated,” the Justice
Department noted in an announcement. “Today’s operation removed one
early hacking group’s remaining web shells, which could have been used
to maintain and escalate persistent, unauthorized access to US networks.” </quote>
"Critically, however, the Feds did not touch the servers themselves and
so they remain unpatched and open to infiltration."
"The FBI said it will try to send emails to the operators of all the
servers it discovered the web shells on, advising them how to patch
their equipment."
More or less, just like it was for code red. So they notified the
owners to patch their stuff, after nuking the malware from high orbit.
But it is still up to the owners to patch their schtuff.
--
(aka 'Bombastic Bob' in case you wondered)
'Feeling with my fingers, and thinking with my brain' - me
'your story is so touching, but it sounds just like a lie'
"Straighten up and fly right"
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)