A recent report highlights the increasing use of the Smominru malware, which has been in circulation since 2017. Guardicore's report shows Smominru is one of the fastest growing computer malware attacks. Kaspersky Lab points out what is causing the spread of the attack.
What's interesting about the malware is it has been adopted by a wide range of bad actors. Kaspersky says attackers are not fussy about their targets, with numerous organizations across industries affected.
Smominru is a botnet attack that infects Microsoft Windows in two ways. It can either send brute force credentials across Windows services or by leveraging the EternalBlue vulnerability. Yes, this is the same EternalBlue Windows flaw that also resulted in the NotPetya and WannaCry attacks.
And yes, Microsoft has already patched affected Windows versions against EternalBlue. However, enough users have not updated and remain vulnerable. With that in mind, there is little Microsoft can do other than urge those users to update their systems to avoid being a target of Smominru.
Speaking of infected services, Smominru is exploiting Windows 7, Windows Server 2008, Windows Server 2012, Windows XP, and Windows Server 2003. It is worth noting Microsoft patched versions even if they are out of normal security support, such as XP and Server 2003.
In its blog post, Kaspersky Lab explains how the botnet manifests. The malware rests in 20 dedicated servers in the United States, Malaysia, and Bulgaria.
Because of its popularity, the infection has spread and taking it down will likely prove difficult. Users should update and use a quality anti-virus software to combat the attack.