Smominru, the botnet that forces you to mine cryptocurrency

By size and persistence, it is one of the most dangerous botnets seen in recent months. Strengthened by its half a million zombie devices (a number that is growing rapidly), Smominru worries just about everyone, computer security experts first and foremost.

The reasons for so much concern, however, are not the ones you might expect. Unlike in the past, when botnets were used for massive DDoS attacks capable of jeopardizing the functioning of the Internet (see the case of Mirai, for example), today networks of zombie devices are used to mine cryptocurrency. More and more hackers prefer to use the computing power of infected computers to create Bitcoin, Ethereum or other cryptocurrencies: a scheme that lets them earn money faster and, above all, attract less attention from governments and cybersecurity researchers.

What Smominru is and how it works

Discovered by security experts at Proofpoint, Smominru exploits the group of vulnerabilities known as EternalBlue (also used by spy agencies to keep tabs on the PCs of millions of people around the world) to infect PCs and spread across the Internet. Created in May 2017, Smominru has survived several attempts to “neutralize” it, each time managing to resist and recover. Since the beginning of 2018 it has enjoyed a sort of “second youth”, growing past half a million zombie devices.

Once it has infected a computer, Smominru automatically spreads to other devices on the same network, which lets it propagate quite fast. Once active, it “forces” the PC to download all the software needed to join a mining pool and start generating Monero, one of the cryptocurrencies preferred by hackers and cyber criminals for the high level of anonymity it offers. It is, therefore, an evolved form of cryptojacker, i.e. software or malware that forces computers and smartphones to mine without their legitimate owner knowing anything about it.
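As an added illustration, not taken from the article or from Proofpoint's research, the infection chain described above (lateral spread over SMB, then the host joining a mining pool) can be turned into a simple correlation check over network flow records. The flow format, the internal address range and the Stratum pool port list are assumptions.

```python
# Added example: flag hosts that receive an inbound SMB (445/tcp) connection
# from another internal host and, shortly afterwards, open an outbound
# connection to a mining-pool (Stratum) port. Not Smominru's own code.
from collections import defaultdict
from datetime import datetime, timedelta

STRATUM_PORTS = {3333, 4444, 5555}   # assumed common pool ports, not from the article
SMB_PORT = 445
WINDOW = timedelta(hours=1)          # assumed correlation window

# Constructed flow records: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2018-02-01T10:00:00 10.0.0.5 10.0.0.7 445
2018-02-01T10:03:12 10.0.0.7 203.0.113.9 3333
2018-02-01T10:05:00 10.0.0.5 10.0.0.8 445
2018-02-01T14:00:00 10.0.0.8 203.0.113.9 3333
2018-02-01T10:10:00 10.0.0.9 203.0.113.9 3333
"""


def parse_flows(text):
    """Parse the constructed flow format into (time, src, dst, dport) tuples."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, dport = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return flows


def is_internal(ip):
    return ip.startswith("10.")      # assumption: 10/8 is the internal range


def find_suspects(flows):
    """Return hosts with inbound internal SMB followed within WINDOW by an
    outbound connection to a Stratum port (the lateral-move-then-mine pattern)."""
    smb_hits = defaultdict(list)     # victim host -> times of inbound SMB
    for ts, src, dst, dport in flows:
        if dport == SMB_PORT and is_internal(src) and is_internal(dst):
            smb_hits[dst].append(ts)
    suspects = set()
    for ts, src, dst, dport in flows:
        if dport in STRATUM_PORTS and not is_internal(dst):
            if any(timedelta(0) <= (ts - t) <= WINDOW for t in smb_hits.get(src, [])):
                suspects.add(src)
    return sorted(suspects)


if __name__ == "__main__":
    print(find_suspects(parse_flows(SAMPLE_FLOWS)))   # ['10.0.0.7']
```

In the sample, 10.0.0.8 falls outside the window and 10.0.0.9 mines without the SMB precursor, so only 10.0.0.7 matches the full pattern; a real deployment would also want a plain alert on any Stratum traffic.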

In this way, Smominru’s authors were able to generate up to 30 Monero per day, for a total of about 9,000 Monero over seven months of activity. At the value of Monero at the time, that amounts to over $2 million.

Server botnet

Smominru, of course, is not the first botnet used to mine altcoins. It stands out from the others, however, for two reasons: its size (over 500 thousand zombie computers) and the fact that it is composed almost exclusively of Windows servers. This choice has given the cyber criminals very powerful and, above all, always-on miners at their disposal.