WireX

WireX

WireX is a large botnet that leverages Android-powered mobile devices to perform distributed denial-of-service (DDoS) attacks on targets. Network traffic generated by WireX was discovered by researchers on August 2, 2017 and the source of the malware infections that formed the botnet was traced to approximately 300 mobile apps available for download on the Google Play Store.

Persirai

Persirai

Persirai, also labeled by Trend Micro as ELF_PERSIRAI.A, targets IP camera models based on various Original Equipment Manufacturer (OEM) products. Trend Micro researchers have determined that approximately 120,000 IP cameras are vulnerable to a Persirai infection.

Bondnet

Bondnet

Bondnet is a botnet currently used to mine cryptocurrencies, primarily Monero. It is comprised of thousands of infected Windows servers and its controller, operating under the alias "Bond007.01" and "leebond986," uses it to earn approximately one thousand USD worth of Monero per day.

Necurs

Necurs

Originally observed in 2012, Necurs is a family of malware containing rootkit capabilities that was used to form one of the world’s largest criminal botnets. Necurs has both a user mode and kernel mode component used to access systems at the root level and dynamically load additional modules.

Linux.Proxy.10

Linux.Proxy.10

Linux.Proxy.10, or Proxy, is a Trojan that targets Linux devices. It was first identified in late 2016 and by the end of January 2017, thousands of devices had been infected. Attackers use other Trojans to initially compromise the device and create a new user “mother” with the password “f***er.” They then login to the infected device via Secure Shell (SSH) and download the Proxy Trojan.

MrBlack

MrBlack, first identified in May 2014 by Russian security firm Dr. Web, is a botnet that targets Linux OS and is designed to conduct distributed denial-of-service (DDoS) attacks. In May 2015, Incapsula clients suffered a large-scale DDoS attack which the company attributed to network traffic generated by tens of thousands of small office/home office (SOHO) routers infected with MrBlack. This massive botnet spans over 109 countries, especially in Thailand and Brazil.