Server Yard Sale
Aug 17, 2016
Below you can see screenshots of xDedics login page, sale item details, and user interface that allows for very specific search parameters. These photos are courtesy of Kaspersky Lab’s Global Research & Analysis Team:
Server types for sale range from databases and web servers to government infrastructure and corporations. The most expensive servers in the marketplace cost upwards of $6,000 USD. The creators of xDedic also developed profiling software to categorize all of the servers for sale on the marketplace. Specific focus of this profiling software is in accounting, tax reporting and point-of -sale (PoS) software. Most likely the reason for this is that malicious users of this marketplace want to know where the money is. Examples of the kinds of software the profiling agent looks for are listed below:
It is my recommendation that web administrators and security administrators alike check the compromised server pastebin postings for any IP addresses affiliated with their company. These can be found here:
Or lovely Kasperskys full combined list of IPs with country code based on the GeoIP here:
Over 60,000 of these servers posted are USA IP addresses. If any of these IP addresses are found to be owned by your company, contact your Computer Emergency Response Team or local law enforcement to assist in handling this situation. Additionally I would make sure to block many of these IP addresses as they house compromised infrastructure.