Half a Million Servers Tricked by a Bot

February 5, 2018

Joanna Newman

A Botnet, a play on the words Robot and Net, is a program or bot that operates within a network. Smominru is the name of a Botnet miner that recently infected more than 526,000 Windows servers.

In total, since its creation in May 2017, it is estimated to have stolen just under 9,000 Monero tokens, providing its controllers with somewhere between $2.8 and $3.6 million US dollars.


A Slave-Master Relationship


According to experts at the cyber-security website Proofpoint, the Bot managed to exploit a security flaw in Windows’ failsafe, EternalBlue. It also made use of SQL injections and another of Windows’ security measures, EsteemAudit.

Remember that back in May of 2017, it was through the use of EternalBlue, developed by the US National Security Agency, that hackers managed to infiltrate and spread the malware known as WannaCry.

Unlike WannaCry, whose victims were mostly personal computers, Smominru infected not only Windows computers but Windows servers as well. Servers are a much more attractive host for the Bot, since they are permanently connected to each other and have far more computing power than a personal computer. The victim computers were mostly in Russia, India, and Taiwan. The Bot took over about 50 computers at first, which then allowed it to spread to others.


Hunting for Bots


Proofpoint was recently able to establish that the Smominru Bot was hosted by SharkTech, who did not respond to any requests for a statement.

Assisted by Abuse.ch and the ShadowServer Foundation, Proofpoint has carried out a siphoning operation, meaning that they have diverted some of the malicious software’s data to a different address. This helped them determine the number of nodes that were infected, estimated at around 256,000. Then, Proofpoint contacted MineXMR, the account address in which the stolen Monero tokens are located, in hopes of banning the address from the network.

However, the initiative came to an abrupt halt when the individuals behind the Bot regained control by simply changing their address again.


The Idyllic Relationship Between the Darknet and the Monero


The Monero is considered a “private” cryptocurrency. According to Europol, “Transactions within the Monero’s Blockchain cannot be attributed to any specific user or address. These transactions are hidden by default and their histories are protected.”

Last year, it was DoublePulsar, a malware program also developed by the NSA, which was used to install mining software on the backs of individual user accounts.

Now indexed by the European Union along with other cryptocurrencies such as Zcash and Ether, the Monero is, according to Europol, the most used currency on the Darknet after Bitcoin. This is mainly due to AlphaBay, the Darknet’s Amazon, integrating the Monero into its exchange platform. As it stands, the only way to get access is by being invited by another member. Europol plans to take the site down by the end of the year.


Protect Yourself


EternalBlue is a security flaw that allows you to take control of another computer by using your Bios system.

Proofpoint’s Vice-President in charge of security threats, Kevin Epstein, said that Microsoft has already updated its system to prevent any more computers from being taken over by a third party.
