Skip to main content
close search
site logo
Dive Brief

Eternally(Blue) for you: Botnet mines $3.6M in crypotcurrency

Published Feb. 2, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Wikimedia Commons

Dive Brief:

  • More than half a million devices were impacted by the Smonminru botnet mining cryptocurrency, according to research from Proofpoint. The botnet found its legs in the EternalBlue exploit — the same one that was used to spread the WannaCry malware attack.

  • Smonminru has reportedly mined about $3.6 million worth of cryptocurrency for the hacker behind it. The botnet started circulating in May 2017, which is close to the time EternalBlue was leaked from the NSA.

  • There are about 25 hosts carrying out attacks using EternalBlue to "infect nodes and increase the size of the botnet," according to the report. Most of the nodes, at this point, are on Windows servers. Nodes are the point to which networks connect, and at its peak, Smonminru had about 526,000 nodes, according to Proofpoint. The most impacted devices are in Russia, India and Taiwan.

Dive Insight:

Bitcoin is mined by taking verified transactions and adding them to a blockchain network, which releases new bitcoin. This means that anyone who can get on the internet with sufficient hardware can mine for bitcoin.

Users are free to devise their own method of cryptocurrency using mining software and processing power, according to Kaspersky Labs. Bitcoin is currently the most popular form of cryptocurrency, and because of its increasing presence, hackers are not just attempting, but succeeding in taking advantage of the digital currency.

Individuals impacted most likely unknowingly enabled attackers by installing adware programs that are laced with malicious code that do the mining. The rapid growth of cryptocurrency has coincided with an increase in hacker-based mining. Kaspersky Lab products protected 701,000 users in 2014, and attacked users totalled 1.65 million in the first eight months of last year, according to Kaspersky Labs.

The Smonminru botnet using Windows servers may impact companies globally, but they are most likely unaware. The wormability feature of the EternalBlue exploit allows malware to travel quickly, making software patches the most likely and most convenient way to mitigate risk.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell