Monero Mining Malware Exploits Microsoft IIS Server 6.0

Attackers are targeting Microsoft webservers running IIS 6.0.

The malware is a modified version of the open source Monero mining software “XMRig” that has been known to exploit vulnerabilities in Microsoft IIS 6.0.

Microsoft released a special patch in May addressing these vulnerabilities, despite the Operating System being End of Life (EoL) for over two years.

Affected Platforms:

Microsoft IIS 6.0 on Windows Server 2003.


  • Microsoft Patch KB4012598 needs to be downloaded and applied as it will not automatically update due to being end of life.
  • Use a vulnerability scanner (such as Nessus, OpenVAS or Microsoft Baseline Security Analyser) to identify any unpatched systems.
  • Ensure all affected platforms are updated with the most recent security updates.

Ensure your AV software is properly configured to automatically scan all files and file operations (including file reads, writes and re-names) and manually run scans on critical assets such as servers and shared network file storage.

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

One thought on “Monero Mining Malware Exploits Microsoft IIS Server 6.0

  • April 22, 2018 at 10:07 pm

    Thanks for the clarification and for the link to Microsoft Patch KB4012598 source


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: