The Smominru malware, first reported in 2017, continues to infect computers in a big way. The fact that it infects 4,700 computers a day shows how fast it is spreading. Reports suggest that it infected 90,000 machines globally in the month of August alone.

According to cyber security experts at Kaspersky, the victims range from universities to healthcare providers as the hackers are not too particular about their targets. “About 85 per cent of infections occur on Windows 7 and Windows Server 2008 systems. The rest include Windows Server 2012, Windows XP and Windows Server 2003,” they said.

The malware seems to have the ability to come back to hit the old victims if they fail to tackle the problem completely. “About one-fourth of the affected machines were infected again after Smominru was removed from them. In other words, some victims did clean their systems but ignored the root cause,” they said.

Modus operandi

After breaking into a computer, Smominru creates a new user called admin$, grants it administrator privileges on the system and starts downloading a whole bunch of malicious payloads. “The most obvious objective is to silently use infected computers for mining cryptocurrency at the victim’s expense,” they said.
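The account-creation step described above leaves a clear trail in the Windows Security log, which is what a defender would look for. The following check is an added example (not from the article or from Kaspersky): it scans Security log records for Event ID 4720 (a user account was created) followed by Event ID 4732 (a member was added to a security-enabled local group) where the group is the built-in Administrators group, whose well-known SID is S-1-5-32-544. It flags any user account whose name ends in “$” (a suffix Windows reserves for computer accounts, which makes a name like admin$ a decoy), any account added to Administrators that is not on an approved list, and any account made an administrator within minutes of being created. The event records are constructed inline in a simplified form with assumed field names; in practice they would be parsed out of an exported event log.

```python
"""Detection check for a planted local administrator account (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Iterable

ADMINISTRATORS_SID = "S-1-5-32-544"      # well-known SID of the local Administrators group
EVT_USER_CREATED = 4720                  # "A user account was created"
EVT_LOCAL_GROUP_MEMBER_ADDED = 4732      # "A member was added to a security-enabled local group"


@dataclass
class Finding:
    account: str
    reasons: list = field(default_factory=list)


def find_suspicious_accounts(events: Iterable[dict],
                             expected_admins: frozenset = frozenset(),
                             window: timedelta = timedelta(minutes=10)) -> list:
    """Return one Finding per account that looks like a planted admin user.

    Records are simplified dicts (constructed for this example) with keys:
    time, id, and either target (4720: the created account) or
    member + group_sid (4732: who was added to which group).
    """
    created: dict = {}      # account name -> creation timestamp
    findings: dict = {}     # account name -> Finding (insertion order preserved)

    def flag(account: str, reason: str) -> None:
        findings.setdefault(account, Finding(account)).reasons.append(reason)

    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == EVT_USER_CREATED:
            name = ev["target"]
            created[name] = ev["time"]
            if name.endswith("$"):
                flag(name, "user account named with the '$' suffix reserved for computer accounts")
        elif ev["id"] == EVT_LOCAL_GROUP_MEMBER_ADDED and ev["group_sid"] == ADMINISTRATORS_SID:
            name = ev["member"]
            if name not in expected_admins:
                flag(name, "added to Administrators but not on the approved admin list")
            if name in created and ev["time"] - created[name] <= window:
                secs = int((ev["time"] - created[name]).total_seconds())
                flag(name, f"made Administrator {secs}s after the account was created")
    return list(findings.values())


# Constructed sample log: a decoy admin$ account elevated seconds after creation,
# and a legitimate helpdesk-created user promoted two days later.
SAMPLE_EVENTS = [
    {"time": datetime(2019, 9, 1, 3, 12, 0), "id": 4720, "target": "admin$", "subject": "SYSTEM"},
    {"time": datetime(2019, 9, 1, 3, 12, 4), "id": 4732, "member": "admin$", "group_sid": "S-1-5-32-544"},
    {"time": datetime(2019, 9, 1, 9, 30, 0), "id": 4720, "target": "jdoe", "subject": "helpdesk"},
    {"time": datetime(2019, 9, 3, 10, 0, 0), "id": 4732, "member": "jdoe", "group_sid": "S-1-5-32-544"},
    {"time": datetime(2019, 9, 3, 10, 5, 0), "id": 4732, "member": "jdoe", "group_sid": "S-1-5-32-545"},
]

if __name__ == "__main__":
    for finding in find_suspicious_accounts(SAMPLE_EVENTS, expected_admins=frozenset({"Administrator"})):
        print(finding.account)
        for reason in finding.reasons:
            print("   -", reason)
```

Run against the sample, admin$ is reported three times over (reserved suffix, not approved, elevated four seconds after creation) while jdoe is reported only for not being on the approved list; the addition of jdoe to the Users group (SID S-1-5-32-545) is ignored. Tuning the approved list and the time window to the environment is what keeps the alert useful.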

The malware also downloads a set of modules used for spying and credential theft. On top of that, once Smominru gains a foothold, it tries to propagate further within the network to infect as many systems as possible.

The botnet is fiercely competitive and kills any rivals it finds on the infected computer: it disables and blocks other malicious activity already running on the device and prevents further infections by competitors.

The botnet relies on more than 20 dedicated servers, mostly located in the US, though some are hosted in Malaysia and Bulgaria.

A difficult problem

Experts at Kaspersky are of the opinion that it is not easy to take the botnet down. Smominru’s attack infrastructure is widely distributed, complex and highly flexible, so it is likely to remain active for quite some time before it can be tackled completely.

The experts advise users to update their operating systems (OS) and other software regularly so as to leave no doors open for the attackers.

Using strong passwords and deploying a reliable password manager to create, manage, and automatically retrieve and enter passwords would help protect users against brute-force attacks.
