Search This Blog

Showing posts with label Botnet. Show all posts

Smominru Botnet Affecting Over 4,000 Windows Systems Every Day


Affecting Windows machines across the globe, Smominru has been labeled as one of the most rapidly spreading botnet malware, as per a report by data center and cloud security company, Guardicore Labs. The infection rate of this computer malware has been detected to be up to 47,000 machines per day and in the month of August alone, it compromised almost 90,000 computers, according to the report.

While attacking, Smominru compromises Windows PCs by using the NSA exploit, EternalBlue and brute-force on various services like RDP, TELNET, MS-SQL, and others. The malware is configured to steal the target's credentials and then install a cryptominer and Trojan module to compromise the network. After establishing a foothold, the malware moves laterally to affect as many systems as it potentially can inside the targeted organization.

Reportedly, the US, Russia, China, Taiwan, and Brazil witnessed the maximum number of attacks, however, other countries remain equally vulnerable to the computer malware which saw an upsurge in recent times. To exemplify, we can look at the largest network targeted and hence compromised by Smominru, which was a healthcare provider in Italy, it left a total of 65 hosts affected.

The unspecified and non-targeted nature of the attacks was notable as the compromised networks ranged from medical firms to higher-education institutions, the victims infected by the malware included cybersecurity companies as well.

It has been discovered that around 85% of the attacks are carried out on Windows 7 and Windows Server 2008 systems, while, some others are observed to be taking place on Windows XP, Windows Server 2012, and Windows Server 2003.

Seemingly, the failure of company administrators to timely patch their computer networks and servers is one of the primary reasons for the networks being compromised, although for a lot of organizations, the inability is a result of logistical scarcity, for others, it's simply due to negligence and not being regularly updated with the requirements of the sector.

A New Botnet Targeting to Infect Android Devices with Malware that Mines the Monero Cryptocurrency

Another botnet showed up over the weekend on Saturday, February 3 focused entirely on Android gadgets precisely being port 5555, which on gadgets running the Android OS is the port utilized by the operating system's native Android Debug Bridge (ADB), a troubleshooting interface which awards access to a portion of the operating system's most sensitive features.

The reason why being so that by checking for open troubleshoot ports it can infect victims with malware that mines the Monero cryptocurrency.

As per security researchers from Qihoo 360's Network Security Research Lab (Netlab) division, the ones who discovered the botnet, named ADB.miner , just gadgets, for example, cell phones, smart TVs, and television top boxes, running the Android OS have been tainted as of not long ago.

"The number of scan [sources] has doubled every 12 [hours]," said Yiming Gong, Director of the Network Security Research Lab at Qihoo 360. "We will see how big this botnet gets."


The botnet gives off an impression of being aggressive and continues growing every day, with 
infected devices filtering the Web for other victims. As of now, the Botnet seems to have infected around 7,400 devices as detected by Netlab.


Recently scanning for this port 5555, shot to the #4 spot in Netlab's most scanned ports as opposed to the previous account, as it wasn't even in the top 10.


Most IP addresses to checking for different devices (which means they are now infected) are situated in China (~40%) and South Korea (~30%). Yiming informed further that the botnet has generally infected  "television related" devices, instead of smartphones.
  
Netlab says ADB.miner utilized some of Mirai's port scanning code also marks the first time an Android malware strain has obtained code from Mirai, a strain of Linux-based malware that was previously focused on just systems administration i.e. Networking and IoT devices.

All the same, the researchers still haven't given any insights with respect to the ADB vulnerability  the attackers are using to take control over devices however cleared up that they don't think the bug is particular to a specific seller (vendor). This in all probability implies that the bug influences the centre of the Android ADB segment itself.