Smominru, a frequently spotted botnet malware, has been identified as one of the most rapidly spreading threats affecting Windows PCs across the world, according to a report by cybersecurity firm Guardicore Labs. According to the report, the botnet has been affecting nearly 4,700 PCs every day, with over 90,000 PCs affected globally in August alone. The sophisticated malware has shown a recent surge of activity, taking over multiple networks without targeting any specific industry.
Among the more alarming statistics Guardicore shared on the Smominru botnet are over 4,900 full networks infected and its tendency to keep returning to infected devices even after being quarantined. In fact, 25 percent of all infected PCs have been re-infected by Smominru, showing the inability of companies to act promptly on the root of the threat. The malware spreads by brute-force cracking of private logins on company servers and, alternatively, by using the notorious NSA exploit EternalBlue, which was behind the WannaCry and NotPetya outbreaks.
The most common targets of the Smominru botnet are PCs, networks and servers running Windows 7, Windows Server 2008, Windows Server 2012, Windows Server 2003 and Windows XP. The biggest reason PC networks are affected is the failure of company administrators to regularly patch their servers and PC networks. For most firms this is due to logistical shortages; for many others, it is a result of ignorance and of not keeping up with the latest, crucial requirements of the industry.
While the botnet originated in cryptomining hacks, the group behind the malware has successfully leveraged new, invasive techniques to expand the scope of Smominru. Updating or upgrading servers can be difficult for companies without substantial IT budgets, but the present cybersecurity climate demands a bigger emphasis on this work, rather than treating it as an ancillary budget item.