Security research has uncovered malware that opens Remote Desktop ports in the firewall. With the RDP (Remote Desktop) ports opened, attackers can more easily abuse them at a later time.
The Sarwent malware has been in use since 2018. In early 2020 Vitali Kremez tweeted about Sarwent, but little information about the malware is available on the internet.
How the Sarwent malware is distributed is not fully known; it is suspected that Sarwent is delivered by other malware, possibly through botnets.
What is known about Sarwent is that, after infection, the malware creates a new Windows user account on the computer and opens RDP port 3389 on the computer and in the firewall. RDP is most likely opened so that the infected computer can be accessed later using the newly created Windows user account.
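A detection heuristic for the behaviour described above, as an added example that is not from the original article or the researchers it mentions: it correlates a new local account (Security event 4720) with an inbound allow rule covering port 3389 (Windows Firewall event 2004) on the same host. The normalized event schema, the 10-minute window and the sample records are assumptions constructed for illustration, and a match flags the behaviour pattern, not Sarwent specifically.

```python
from datetime import datetime, timedelta

# Constructed sample events, normalized from Windows event logs (not real telemetry).
# 4720 = "A user account was created" (Security log).
# 2004 = "A rule has been added" (Windows Firewall With Advanced Security log).
# The dict field names are a simplified schema assumed for this example.
SAMPLE_EVENTS = [
    {"time": "2020-05-20T10:00:05", "host": "WS01", "id": 4720, "user": "svc_backup"},
    {"time": "2020-05-20T10:00:40", "host": "WS01", "id": 2004,
     "direction": "in", "action": "allow", "ports": "3389"},
    {"time": "2020-05-20T11:00:00", "host": "WS02", "id": 4720, "user": "jdoe"},
    {"time": "2020-05-20T12:30:00", "host": "WS03", "id": 2004,
     "direction": "in", "action": "allow", "ports": "3380-3400"},
    {"time": "2020-05-20T18:45:00", "host": "WS03", "id": 4720, "user": "helpdesk2"},
    {"time": "2020-05-20T13:00:00", "host": "WS04", "id": 2004,
     "direction": "in", "action": "allow", "ports": "443,8443"},
]
RDP_PORT = 3389

def covers_rdp(ports):
    """True if a port spec ("3389", "80,3389", "3380-3400", "*") includes 3389."""
    for part in (p.strip() for p in str(ports).split(",")):
        if part.lower() in ("*", "any"):
            return True
        lo, _, hi = part.partition("-")
        hi = hi or lo  # a single port is a range of one
        if lo.isdigit() and hi.isdigit() and int(lo) <= RDP_PORT <= int(hi):
            return True
    return False

def find_rdp_backdoor_pattern(events, window=timedelta(minutes=10)):
    """Return (host, new_user, seconds_apart) where an account creation and an
    inbound allow rule covering 3389 occur on the same host within `window`."""
    created, opened = [], []
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created.append((ts, ev["host"], ev["user"]))
        elif (ev["id"] == 2004 and ev.get("direction") == "in"
              and ev.get("action") == "allow" and covers_rdp(ev.get("ports", ""))):
            opened.append((ts, ev["host"]))
    return sorted((host, user, int(abs(o_ts - c_ts).total_seconds()))
                  for c_ts, host, user in created for o_ts, o_host in opened
                  if host == o_host and abs(o_ts - c_ts) <= window)

if __name__ == "__main__":
    for host, user, gap in find_rdp_backdoor_pattern(SAMPLE_EVENTS):
        print(f"{host}: account '{user}' created and inbound 3389 allowed {gap}s apart")
```

Legitimate provisioning can produce the same pair of events, so hits are leads for review against change records rather than confirmed infections.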
IP addresses, MD5 hashes and domains associated with Sarwent are known; these details are distributed as IOCs (Indicators of Compromise) so that companies can detect Sarwent.