1. Home
  2. Security researchers discover malware that infected 90,000 computers worldwide

Security researchers discover malware that infected 90,000 computers worldwide

Agencies
October 8, 2019

Security researchers have discovered that the Smominru malware infected 90,000 machines worldwide during the month of August, with an infection rate of up to 4,700 computers per day.

In its post-infection phase, it steals victim credentials, installs a Trojan module and a cryptominer and propagates inside the network, according to researchers from Guardicore, a data centre and cloud security company.

The botnet uses several methods to propagate, but primarily it infects a system in one of two ways -- either by brute-forcing weak credentials for different Windows services, or more commonly by relying on the infamous EternalBlue exploit, cybersecurity firm Kaspersky said in a blog post last week.

Even though Microsoft patched the vulnerability EternalBlue exploits, which made the WannaCry and NotPetya outbreaks possible, many companies are simply ignoring updates, Kaspersky said.

China, Taiwan, Russia, Brazil and the US have seen the most attacks, but that doesn't mean other countries are out of its scope. For example, the largest network Smominru targeted was in Italy, with 65 hosts infected.

The criminals involved are not too particular about their targets, which range from universities to healthcare providers.

However, one detail is very consistent. About 85 per cent of infections occur on Windows 7 and Windows Server 2008 systems. The rest include Windows Server 2012, Windows XP and Windows Server 2003.

After compromising the system, Smominru creates a new user, called admin$, with admin privileges on the system and starts to download a whole bunch of malicious payloads.

The most obvious objective is to silently use infected computers for mining cryptocurrency (namely, Monero) at the victim's expense.

The malware also downloads a set of modules used for spying, data exfiltration, and credential theft.

On top of that, once Smominru gains a foothold, it tries to propagate further within the network to infect as many systems as possible.

To protect their network, computers, and data from Smominru, users need to update operating systems and other software regularly, Kaspersky said.

It is also important for users to use strong passwords. A reliable password manager that helps you create, manage, and automatically retrieve and enter passwords may help protect you against brute-force attacks.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
March 8,2020

New Delhi, Mar 8: In order to spread awareness, a special COVID-19 mobile phone caller tune was launched by all telecom operators with basic infection prevention messages played when a caller dials-out, Ministry of Health and Family Welfare said on Saturday.

"In order to spread awareness about COVID-19, a special COVID-19 mobile phone caller tune was launched by all telecom operators. Over 117.2 crore subscribers of BSNL, MTNL Reliance Jio, Airtel and Vodafone-Idea are being progressively reached out to through SMSs and Call Backs," Ministry of Health and Family Welfare said in a press statement.

"As many as 52 laboratories are now operational across the country for testing the COVID-19 virus. An additional 57 laboratories have been provided with Viral Transport Media and swabs for sample collection," the statement added.

India has 39 confirmed cases of deadly coronavirus so far. The disease has caused deaths of 3200 people globally. 

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
January 19,2020

New Delhi, Jan 19: Messaging service WhatsApp which on Sunday faced issues in transmitting multimedia content including pictures and images, prompting social media users to share hilarious memes and messages, resumed regular services after over two hours.

#WhatsAppDown was the trending hashtag on Twitter for most part of Sunday afternoon in India along with several other countries such as Brazil, Europe and also parts of Middle-East including UAE, reported downdetector.in, a realtime problem and outage monitoring website.

Users of the popular messaging app were unable to send media files, stickers and GIFs.

Most users immediately went to Twitter to find out about the problem and check if others were facing the same issue.

Numerous tweets and memes took over the internet as soon as the news broke about the WhatsApp tech issue. After around two hours of technical glitch, the app resumed full service.

Even after full recovery of media transfer, people globally still continued checking the status of the messaging app.

WhatsApp has been one of the prime messaging apps since May 2009 and has recently collaborated with Facebook.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
Agencies
May 10,2020

In the wake of the gas leak at a factory in Visakhapatnam, the National Disaster Management Authority (NDMA) has issued detailed guidelines for restarting industries after the lockdown and the precautions to be taken for the safety of the plants as well as the workers.

In a communication to all states and union territories, the NDMA said due to several weeks of lockdown and the closure of industrial units, it is possible that some of the operators might not have followed the established standard operating procedures.

As a result, some of the manufacturing facilities, pipelines, valves may have residual chemicals, which may pose risk. The same is true for the storage facilities with hazardous chemicals and flammable materials, it said.

The NDMA guidelines said while restarting a unit, the first week should be considered as the trial or test run period after ensuring all safety protocols.

Companies should not try to achieve high production targets. There should be 24-hour sanitisation of the factory premises, it said.

The factories need to maintain a sanitisation routine every two-three hours especially in the common areas that include lunch rooms and common tables which will have to be wiped clean with disinfectants after every single use, it added.

For accommodation, the NDMA said, sanitisation needs to be performed regularly to ensure worker safety and reduce the spread of contamination.

To minimise the risk, it is important that employees who work on specific equipment are sensitised and made aware of the need to identify abnormalities like strange sounds or smell, exposed wires, vibrations, leaks, smoke, abnormal wobbling, irregular grinding or other potentially hazardous signs which indicate the need for immediate maintenance or if required shutdown, it said.

At least 11 people lost their lives and about 1,000 others were exposed to a gas leak at a factory in Andhra Pradesh''s Visakhapatnam on May 7.

The incident took place after it restarted operations when the government allowed industrial activities in certain sectors following several weeks of lockdown.

The lockdown was first announced by Prime Minister Narendra Modi on March 24 for 21 days in a bid to combat the coronavirus threat. The lockdown was then extended till May 3 and again till May 17.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.