back to article A successor to Mirai? Newly discovered malware aims to create fresh IoT botnet

Miscreants have put together a new strain of malware designed to turn insecure IoT devices into a DDoS attack platform. The new nasty, Linux/IRCTelnet discovered by security researchers at MalwareMustDie.org, like the infamous Mirai botnet before it relies on default hard-coded credentials to spread across vulnerable devices. …

Silver badge
Childcatcher

sed -e g/oldbotnet/s//newbotnet/g

Oh dear, the scripts got updated again. Whatever are we to do?

Really, come on, guys. This is going to be expected as long as there are IoTs available that fall prey to exactly the same security hole.

0
0
Anonymous Coward

Re: sed -e g/oldbotnet/s//newbotnet/g

While that is true, this new thing is a critter based on two others. The big thing is that it also leverages IRC CnC. MIRAI does/did not do that. It scanned and reported possible vulnerable IPs back to the herder. A second round attempted infesting those IPs. When infested, those reported in so they could be counted. This new critter appears to scan and infest at the same time. Plus this new critter has a lot more attack capabilities. It is a new botnet even though it may be on the same devices.

1
0

Cheap Linux/ARM tat will always ship with hard-coded Telnet passwords. There's no getting past that, so the only solution is for ISPs to port-block incoming Telnet by default.

You can run Telnet in your private network, or acually /shock/ configure SSH if that tat allows it, or contact your ISP if you want that block lifted.

Unpopular idea for some reason, but the security of the internet overweighs lip service to net neutrality.

1
1
Silver badge

Telnet alternatives

Or run a home VPN server on <any user chosen port not blocked by ISP / web cafe / university> :)

0
0
Silver badge
Childcatcher

"Cheap Linux/ARM tat will always ship with hard-coded Telnet passwords"

I was quite pleasantly surprised to find a cheap webcam I bought which forced me to change the admin password on the initial login. If you forget it then you have to factory reset it and start again.

2
0
Silver badge

So with all these IoT devices running malware for various botnets (current and future), do they have any CPU cycles left to actually do what they were originally intended?

0
0
Silver badge
FAIL

Ban Linux from off the Internet

Ban Linux from off the Internet, that will cure the current DDOS hacking/phishing infestation. MalwareMustDie.org registered to 'Domain Privacy Group'. "ChinaZ is the PRC (Public Rep of China) actor's made Linux ELF DDoS malware and its service" ref. It's odd that a group of 'Chinese' state actors would refer to themselves as ChinaZ. It's a kind of big giveaway.

0
4

Re: Ban Linux from off the Internet

So what alternative would you suggest? Windows? $DEITY help us.

You ARE aware that the vast majority of machines running the backbone of the internet are running Linux, right? If you ban Linux, you pretty much wipe out the entire internet.

Also, the problem here isn't Linux, it's the shoddy security practices associated with the IoT. If you hard-code username: admin / password: password on a device, then it doesn't matter how watertight or hardened your OS code is, if you've used default login credentials. If you change the username and password (if the device will let you) then its security is as good as any other Linux box.

0
0
Silver badge

Headline for next week: "A successor to Linux/IRCTelnet?"

and so on and so forth. Is anybody really surprised? The genie is out of the bottle. As long as there are so many unsecured IoT devices out there, new nasties designed to exploit them will keep popping up. And with time they will get better and better like their PC based cousins before them. Right now we are seeing the first lower budget/higher risk groups getting into the game. Once the large malware actors get involved we'll start seeing the same kind of high tech nasties we already see spreading around in the PC world. I doubt it'll be long before we see cross platform nasties that can use both PCs and IoT devices.

0
0
Silver badge

Mike Ahmadi, global director of critical systems security at Synopsys, commented:

..."I should really learn what the word 'exploit' actually means in the context of infosec before shooting my mouth off to the press in the hopes of a bit of free publicity"?

#justsaying

#CaptainPedantic

0
0
Silver badge

Repeated percussion testing with the correct tool will cause said IoT object to stop doing nasty things to other people's networks....

The problem is locating said misbehaving IoT junk.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017