A massive cryptocurrency mining botnet has taken over half a million machines, and may have made its cybercriminal controllers millions of dollars. The whole operation is powered by EternalBlue, the leaked NSA exploit which made the WannaCry ransomware outbreak so destructive.

The Smominru miner botnet turns infected machines into miners of the Monero cryptocurrency and is believed to have made its owners around $3.6m since it started operating in May 2017 — about a month after EternalBlue leaked and around the same time as the WannaCry attack.

While it isn’t uncommon for cybercriminals to leverage the power of hijacked networks of computers to acquire cryptocurrency, this particular network is significant due to its individual size — double that of the Adylkuzz mining botnet.

Researchers at Proofpoint say the botnet was made up of 526,000 nodes at its peak. Despite efforts to take it down, the botnet is particularly resilient and keeps regenerating itself, and therefore remains a powerful Monero mining tool for its operators.

Such is the power of Smominru that its operators have mined 8,900 Monero, currently valued at between $2.8m and $3.6m, with around 24 Monero (around $8,500) added each day.

Part of Smominru’s power lies in the types of machines it takes control of, with a large proportion of the nodes in the network consisting of Windows servers.

What makes servers such an appealing target for cryptocurrency miners is their processing power and the fact that, unlike a desktop computer, which regularly gets turned off and is therefore prevented from mining, servers are always on, providing a continuous, lucrative stream of Monero.

full story: http://www.zdnet.com/article/a-giant-botnet-is-forcing-windows-servers-to-mine-cryptocurrency/