Since August, Smominru and its more complex variants "Hexmen" and "MyKings" have been infecting thousands of computers a day around the world. Worst hit are business networks in China, Russia, Brazil, Taiwan, Italy and the US. The UK has so far remained largely unscathed, but experts warn that it could be only a matter of time before the worm takes hold there, and they urge network managers to be vigilant.
Alarmingly, Smominru can re-infect a machine within minutes of being removed from it: cleaning up the malware does nothing to close the unpatched weakness through which it got in, so the next scan by an already-infected neighbour simply puts it back.
This, say Ophir Harpaz and Daniel Goldberg, the authors of a report on the worm, is what makes Smominru so dangerous and so hard to eradicate.
“When discussing worms, there are no interesting and uninteresting targets – every vulnerable server is under attack,” the report said.
“Once it gains a foothold, Smominru attempts to move laterally and infect as many machines as possible inside the organisation.
“Within one month, more than 4,900 networks were infected by the worm.
Many of these networks had dozens of internal machines infected.”
The authors suggest that the infected systems were unpatched, and therefore already vulnerable to attack.
“Since patching is often complicated in large data centres, it is highly important to use additional security controls, such as applying network segmentation and minimising the number of internet-facing servers,” they added.
“Unfortunately, this demonstrates that while many companies spend money on expensive hardware, they are not taking basic security measures, such as patching their running operating system.”
Most of the infected machines were small servers with one to four CPU cores, but some larger servers were compromised as well: in one network the crypto-mining worm was found running on a 32-core server.