A few days ago, a Mirai variant was unleashed and affected a huge number of IP and DNS servers. Now there is a newly discovered one, dubbed Linux/IRCTelnet, which is based on Aidra.
These new guys have put together a new strain of malware designed to turn insecure IoT devices into a DDoS attack platform.
Linux/IRCTelnet is as nasty as it can get. It was discovered by security researchers at MalwareMustDie.org.
It also uses default hard-coded credentials to connect to vulnerable devices and spread. Its attack is primed for DDoS and, take note, it is IPv6-ready.
“The malware (the bot client) is designed to aim IoT device via telnet protocol, by using its originally coded telnet scanner function, which is brute-forcing the known vulnerable credential of the Linux IoT boxes, via command sent from a CNC malicious IRC server,” the researchers note.
“The botnet is having DoS attack mechanism like UDP flood, TCP flood, along with other attack methods, in both IPv4 and IPv6 protocol, with extra IP spoof option in IPv4 or IPv6 too.”
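As an added example (not from the original article or from the researchers), the behaviour quoted above can be hunted for in flow logs: a device that opens telnet connections to many distinct hosts within a short window, over IPv4 or IPv6, possibly alongside an IRC session. The IRC port, threshold, window and sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23}   # standard telnet port
IRC_PORTS = {6667}    # assumption: common IRC port; the page names no C2 port
THRESHOLD = 4         # assumption: distinct telnet targets within one window
WINDOW = 60           # assumption: window length in seconds

# Constructed flow records (epoch, source, destination, destination port).
SAMPLE_FLOWS = """\
1000 192.168.1.50 203.0.113.10 6667
1001 192.168.1.50 198.51.100.1 23
1002 192.168.1.50 198.51.100.2 23
1003 192.168.1.50 198.51.100.3 23
1004 192.168.1.50 198.51.100.4 23
1010 2001:db8::50 2001:db8:1::1 23
1011 2001:db8::50 2001:db8:1::2 23
1012 2001:db8::50 2001:db8:1::3 23
1013 2001:db8::50 2001:db8:1::4 23
1020 192.168.1.20 192.168.1.1 23
1025 192.168.1.20 192.168.1.1 23
1000 192.168.1.30 198.51.100.1 23
1300 192.168.1.30 198.51.100.2 23
1600 192.168.1.30 198.51.100.3 23
1900 192.168.1.30 198.51.100.4 23
"""

def find_suspect_devices(text, threshold=THRESHOLD, window=WINDOW):
    """Return sources whose telnet fan-out reaches threshold inside window."""
    telnet, irc = defaultdict(list), set()
    for line in filter(str.strip, text.splitlines()):
        ts, src, dst, dport = line.split()
        src, dst = (str(ipaddress.ip_address(a)) for a in (src, dst))
        if int(dport) in TELNET_PORTS:
            telnet[src].append((int(ts), dst))
        elif int(dport) in IRC_PORTS:
            irc.add(src)
    findings = {}
    for src, events in telnet.items():
        events.sort()
        best = start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= threshold:
            findings[src] = {"telnet_targets": best, "irc_session": src in irc,
                             "ipv6": ipaddress.ip_address(src).version == 6}
    return findings
```

In the sample, the host that repeatedly reaches one gateway and the host whose four telnet targets are spread over fifteen minutes are not flagged; only the two sources with rapid fan-out are.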
Researchers have concluded that the source code used was based on the Aidra botnet. Hard-coded Italian messages in the interface probably indicate that it was re-coded to suit the malware author.
At the moment, it is unclear whether Linux/IRCTelnet is effective at spreading, much less at attacking systems.
Because of the large spread and impact of the Mirai botnet and its so-called success, a lot of malware developers are trying their best to emulate it. One of its biggest targets was the DNS provider DynDNS, and that attack resulted in numerous websites being affected last October 21st.
Mike Ahmadi, global director of critical systems security at Synopsys, commented: “It is not at all surprising that a new exploit targeting these devices has been discovered, since many of these devices are built using open source third-party libraries. When we apply software composition analysis tools to many of the most popular third-party software distributions, we often find known vulnerabilities that number in the hundreds, and sometimes in the thousands when looking at the total software build found on IoT devices.
“Unless builders of IoT devices incorporate more rigorous vulnerability detection and management practices into their development process, we can expect more of this malware botnet free for all to occur.”