Persirai

Persirai, also labeled by Trend Micro as ELF_PERSIRAI.A, targets IP camera models based on various Original Equipment Manufacturer (OEM) products. Trend Micro researchers have determined that approximately 120,000 IP cameras are vulnerable to a Persirai infection.

Bondnet

Bondnet is a botnet currently used to mine cryptocurrencies, primarily Monero. It comprises thousands of infected Windows servers, and its controller, operating under the aliases "Bond007.01" and "leebond986," uses it to earn approximately one thousand USD worth of Monero per day.

Necurs

Originally observed in 2012, Necurs is a family of malware containing rootkit capabilities that was used to form one of the world’s largest criminal botnets. Necurs has both user-mode and kernel-mode components, which it uses to access systems at the root level and dynamically load additional modules.

Linux.Proxy.10

Linux.Proxy.10, or Proxy, is a Trojan that targets Linux devices. It was first identified in late 2016, and by the end of January 2017 thousands of devices had been infected. Attackers use other Trojans to initially compromise the device and create a new user “mother” with the password “f***er.” They then log in to the infected device via Secure Shell (SSH) and download the Proxy Trojan.

MrBlack

MrBlack, first identified in May 2014 by Russian security firm Dr. Web, is a botnet that targets the Linux OS and is designed to conduct distributed denial-of-service (DDoS) attacks. In May 2015, Incapsula clients suffered a large-scale DDoS attack which the company attributed to network traffic generated by tens of thousands of small office/home office (SOHO) routers infected with MrBlack. This massive botnet spans over 109 countries, most notably Thailand and Brazil.

Mirai Botnet

The Mirai Botnet is named after the Mirai Trojan, the malware that was used in its creation. Mirai was discovered by MalwareMustDie!, a white-hat security research group, in August 2016. After obtaining samples of the Mirai Trojan, they determined that it had evolved from a previously created Trojan known variously as Gafgyt, Lizkebab, Bashlite, Bash0day, Bashdoor, and Torlus.

Rakos

First detected in August 2016 by researchers at ESET, Rakos is a strain of malware that targets and infects Linux servers and Linux-based IoT devices. Rakos operates by performing brute-force attacks against Secure Shell (SSH) logins of targeted devices and adding them to its botnet to perform additional attacks.

TheMoon Botnet

Discovered as a worm in 2014, TheMoon was observed by a researcher at the SANS Internet Storm Center spreading itself to a large number of Linksys router models. Delivered in the form of a 2 MB ELF MIPS binary, it connects to port 8080 and then, after determining the versions of hardware and firmware, it sends an exploit to a vulnerable CGI script running on the targeted router.