Smominru Botnet Primarily Targets Vulnerable Windows Servers

A cryptocurrency-mining botnet, dubbed Smominru, has infected more than half a million Windows machines, in addition to Linux MySQL servers and MSSQL databases on Windows servers. Distributed via the EternalBlue (CVE-2017-0144) and EsteemAudit (CVE-2017-0176) vulnerabilities, Smominru targets unpatched Windows servers in one of the largest cryptocurrency-mining botnet operations to date. The NJCCIC recommends that users and administrators of Windows and Linux servers review the report published by Proofpoint and keep software updated with the most recent patches.