More than 50,000 machines running Microsoft SQL server have been captured through a piece of malware calling itself Nanshou (archived). The captured machines have pressed into service of their new masters and made to slave away in the altcoin mines. Microsoft SQL server software listening on a port open to the attacker provides all the opening Nanshou needs to capture root on affected boxes.