Delaware, USA – February 8, 2018 – In early February, researchers published information about the two largest botnets, active since the second quarter of 2017. Smominru and DDG botnets are mining Monero cryptocurrency providing their operators with a significant profit. Researchers from Proofpoint claim that the Smominru botnet, which appeared in May 2017, infected more than half a million Windows-based systems, most of which are located in Russia, India and Taiwan. This botnet has already brought criminals about 9000 Monero (approximately 2.4 million dollars), to expand botnet they use various exploits that target web servers running Windows. Botnet DDG was discovered by researchers from Netlab; it attacks Redis and OrientDB servers using CVE-2017-11467 vulnerability and brute-forcing passwords. Approximately 4,400 servers have been infected, mainly located in China and the United States. Operators of this botnet have already collected about one million dollars, but researchers suggest that this amount is at least 1.5 times more.
Web servers are an attractive target for adversaries since they allow to get significantly larger profit. To monitor the security of your servers, you can use Web Application Security framework for ArcSight, which notifies SIEM administrators about any suspicious activity.