Stantinko is a massive and sophisticated adware botnet primarily targeting users in Russia and Ukraine. It is estimated to include approximately 500,000 infected systems at the time of this post.
Linux.Proxy.10, or Proxy, is a Trojan that targets Linux devices. It was first identified in late 2016 and by the end of January 2017, thousands of devices had been infected. Attackers use other Trojans to initially compromise the device and create a new user “mother” with the password “f***er.” They then login to the infected device via Secure Shell (SSH) and download the Proxy Trojan.
MrBlack, first identified in May 2014 by Russian security firm Dr. Web, is a botnet that targets Linux OS and is designed to conduct distributed denial-of-service (DDoS) attacks. In May 2015, Incapsula clients suffered a large-scale DDoS attack which the company attributed to network traffic generated by tens of thousands of small office/home office (SOHO) routers infected with MrBlack. This massive botnet spans over 109 countries, especially in Thailand and Brazil.
Discovered in late 2014, SoakSoak is a Russian-based malware variant designed to scan for vulnerabilities within WordPress-powered websites and exploits them in order to turn its targets into a malware-distribution botnet.
The Mirai Botnet is named after the Mirai Trojan, the malware that was used in its creation. Mirai was discovered by MalwareMustDie!, a white-hat security research group, in August 2016. After obtaining samples of the Mirai Trojan, they determined that it had evolved from a previously-created Trojan, known as Gafgyt, Lizkebab, Bashlite, Bash0day, Bashdoor, and Torlus.
First detected in August 2016 by researchers at ESET, Rakos is a strain of malware that targets and infects Linux servers and Linux-based IoT devices. Rakos operates by performing brute-force attacks against Secure Shell (SSH) logins of targeted devices and adding them to its botnet to perform additional attacks.