Lovely. Now someone's ported IoT-menacing Mirai to Windows boxes

The Mirai malware that hijacked hundreds of thousands of IoT gadgets, routers and other devices is now capable of infecting Windows systems. The software nasty, discovered in August 2016, broke into heaps of insecure Linux-powered gizmos worldwide before running distributed denial of service attacks, most notably against DNS …

  1. Anonymous Coward

    Same as it ever was

    "Richard Meeus, a technology veep at California-based DDoS mitigators Nsfocus IB, said the latest flavor of Mirai poses a greater risk to enterprises."

    A guy who sells software and services to people who fear these so-called risks but can't manage their own devices says there's a greater risk now... yeah, that's what I'd expect him to say.

    So, nothing has changed. If you are stupid enough to plop devices onto open Internet connections without changing the default authentication, how the fuck is Dick Meeus going to help that?! He's not. Change your password, or have countless dollars pissed away to parasites like Dick and his ilk... let me think. Okay, I'm sold!

    I have tons of little Linux devices. When I deploy them I change the passwords. I'm behind a closed router, behind another router my ISP provides. Dick will tell you; my installation is fine and does not pose any risk. what. so. ever. Nothing like FUD to get Dicks up in the morning, I tell you!

    1. diadomraz

      Re: Same as it ever was

      I guess you are missing the point of the article - if any of your Windows boxes behind the routers becomes infected, any IoT gadgets, printers or video cameras on the same network are potentially vulnerable. You might as well consider using separate VLANs for some of the stuff.

  2. Anonymous Coward

    Bored of hearing crap about IoT

    The problem is only going to be fixed when decent IT knowledge becomes the cultural norm.

    While IT is the domain of nerds and geeks, people will give it a wide berth, unfortunately.

    What we need, as well as talent, is good looking unawkward characters in the industry and a less elitist approach to tech.

    We should also stop trying to make things more convenient for a while; convenience is creating complacency.

    The whole "it just works" mentality has come back and bitten us in the arse.

    1. Mage Silver badge

      Re: Bored of hearing crap about IoT

      Make UPnP illegal on a Router and off by default (Kill SSDP and UPnP services on your Windows OS).

    2. Trevor_Pott Gold badge

      Re: Bored of hearing crap about IoT

      Too late. IPv6 idiots baked publicly addressable IPs for every device directly into the standard and cockblock any attempt whatsoever to remedy this idiocy.

      1. Stephen W Harris

        Re: Bored of hearing crap about IoT

        UPnP is needed on IPv4 to enable incoming port forwarding because of NAT (one IP address shared amongst many devices).

        With IPv6 the firewall functionality of routers _should_ default deny incoming connections, so it doesn't matter if your IoT device has a public IP address; the firewall blocks the attempt.

        In theory this might lead to a UPnP6 standard ("let my IPv6 device receive connections on port 12345").

        So we need to ensure two things with IPv6:

        1) Firewall configured for "default deny" incoming traffic (pretty much matching IPv4 with NAT in this case). Any firewall should default to this if it's going to be called a firewall, as opposed to just being a dumb router. So this basically means consumer equipment should have IPv6 firewall capabilities.

        2) UPnP6 never takes off.
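
Point 1 above as a router configuration, in an added example that is not part of the original comment: an nftables ruleset for forwarded IPv6 traffic. The interface names `lan0` and `wan0` are assumed placeholders.

```nftables
# Added example: default-deny for IPv6 traffic forwarded through a router.
# Assumption: lan0 is the inside interface, wan0 faces the ISP.
table ip6 filter {
    chain forward {
        # Anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that inside devices opened themselves.
        ct state established,related accept
        ct state invalid drop

        # Inside devices may open new connections outwards.
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 errors must still pass, otherwise path MTU discovery
        # breaks (RFC 4890); echo is allowed for diagnostics.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem,
                      echo-request, echo-reply } accept

        # Unsolicited inbound connections to a device's public address
        # reach this point; count them before the policy drops them.
        iifname "wan0" counter comment "unsolicited inbound"
    }
}
```

Load it with `nft -f` on the router. The router's own input chain needs separate rules that keep neighbour discovery working.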

    3. Baldrickk

      Re: Bored of hearing crap about IoT

      How do you propose stopping making things less convenient and also less elitist/nerdish/geeky?

      Ideally, we make these things easier to use, while at the same time enforcing standards of security, such as forcing a username+password change after a reset / on first boot.

  3. Anonymous Coward

    Yawn

    Anyone with any sense knows that their IoC (Internet of Crap) devices should be behind a firewall AND on their own VLAN. Properly designed IoT devices communicate only via the manufacturer's server using encryption and the IoT device instigates the communication to the server so the device itself has no open listening ports.

    One of the standards bodies needs to codify a basic IoC security architecture so at least the average dunce can look for some sticker on the box of the shiny IoC device they want to buy.

    1. Lou 2
      Mushroom

      Re: Yawn

      Nothing like a snobby geek - most people who plug their video recorder or cameras into their router have no idea what you are talking about. But they are still going to provide the devices that are going to assist in the DDoS attack that will remove your ability to use the internet effectively.

      And "properly designed" devices are expensive - so guess which one will be purchased and rolled out in their thousands.

  4. Brian Miller

    Protecting the numpties

    Look, it would be nice if everyone were paranoid about their network security, etc. However, the world has numpties, and it's not easy protecting them, from themselves, or world + dog from the actions of numpties.

    A Windows box gets infected (and all the time), and then it spreads its binary disease wherever it can. Clue: the numptie clicked somewhere that entices numpties to click, and then everything went pear-shaped. We don't fire numpties, we just let them sit there, doing what they think of as a job. We can only clean up behind their damage.

    Yes, we need internal honeypots, routers, and firewalls that can interact with managed switches to shut down hostile devices. There's an FTC competition about that.

    At Microsoft, they monitor their network, and shut off switch ports at the drop of a hat. It's up to the people on the other end to clean up their mess, and then they'll re-enable the port if it looks safe. That's not a bad way to run a network. (Too bad they also don't fire numpties.)

    1. Anonymous Coward

      Re: Protecting the numpties

      In truth, I would like to un-numpty on the double quick but my boss thinks it is more expedient that I perform folder reorganizations, beautify the wordpress page, or relabel all the e-mails of the company for the n-th time.

    2. Anonymous Coward

      Re: Protecting the numpties

      It's too bad we don't live in the middle ages. I'd love nothing more than to be the bastard at the spear head of a numpty technical inquisition.

      I'd be brutal and feared.

      Me: Guten tag herr Smith. Ze villagers inform me that you harbouring insecure IoT netwerkboxen.

      Mr Smith: I assure you mein netwerkoberfuhrer I have no insecure netwerkboxen in here.

      Me: *observes credential card from router left on the coffee table next to a laptop containing a WEP key*

      Me: *sharp intake of breath* You have secured your boxen Herr Schmidt? I see before me a card containing default credentials next to a laptop, damning evidence I think you'll agree.

      *shuffling noises from basement*

      Me: Men, search ze basement.

      *3 fuckwits make a run for the door clutching a Nest thermostat, XP laptop and Sky Broadband Router. Along with a rooted iPhone and unsecured wireless printer*

      *Two are wrestled to the ground and beaten*

      *One escapes and runs towards the horizon*

      Me: Snipers fire when ready. Fueur frei!

      *Sniper picks off escapee with a rolled up high velocity "for fuck sake secure your fucking shit" pamphlet*

      Me: You see Herr Schmidt I earnt the name "Noob Hunter" for a reason. Men take them to the truck to be processed.

      I am recruiting for this movement. I require the following in my soldiers:

      1. Must "just follow orders".

      2. Enjoy Hugo Boss military wear.

      3. Have a deep, almost spiritual, hatred of anyone that uses phrases like "Im not good with computers" or "I just left it because it was easier".

      To apply simply click your heels and salute, I'll know that you're ready.

      *salutes*

      1. Anonymous Coward

        Re: Protecting the numpties

        What a load of fucking bollocks.

    3. Anonymous Coward
      IT Angle

      Re: Protecting the numpties

      Rarely have I read such a load of pompous drivel. How easy it is to call someone numpties. Have you ever thought that if it wasn't for "numpties" you might not have your ivory tower to sit in? Indeed have you ever thought of anything at all apart from how superior you are?

      But then, what would I know. I run Macs so I must be a super numpty.

      Cheers… Ishtiaq

      1. Anonymous Coward

        Re: Protecting the numpties

        @Ishtiaq

        If I didn't have to support numpties I could use my talents for bigger and better things. I'd still have a job, numpties or not.

        I suppose most of the helpdesk roles would vanish but infrastructure needs to be built by someone.

    4. a_yank_lurker

      Re: Protecting the numpties

      @Brian Miller - The problem is not only inept users but includes poorly designed products with idiotic default settings. The more devices one has to configure correctly with badly written instructions (if you are lucky) the more likely something will be misconfigured. User skills vary widely and must be accounted for in the product design and software implementation. The designers should do their jobs and not rely on the end user being an expert at network security. Most IT pros are not expert at network security so why would anyone expect the average user to have any expertise? That is fundamentally so stupid as to be arrogant. Also, when one is relying on user perfection (not clicking on that dodgy attachment e.g.) you are by default one mistake away from a potential disaster. Given enough time everyone will do something stupid with a computer.

  5. patrickstar
    Flame

    But... but... how can it infect insecure Linux boxes? There is, after all, no such thing as malware for Linux. Linux is secure!

    1. Destroy All Monsters Silver badge

      Just hook them up to Windows for maximum infection-passing.

    2. Paul Crawford Silver badge

      @Linux is secure!

      Yes, right up to the point when you have internet-facing ports open with default root passwords...

  6. Hans 1
    Paris Hilton

    He who has allowed IoT crap on your network is the primary numpty, he who set it up without securing it is a secondary numpty ... if you put something on your network, it MUST BE VETTED, else, it goes on the secondary - internet only - network because it is a device that needs internet access and belongs to a visiting client/consultant/whatever ... anything that goes on YOUR corp network is the responsibility of the NETWORK TEAM, NETWORK TEAM MUST BE literate in network security - simples.

    Then again, if you have Windows devices on your network, your network team is clearly NOT LITERATE in network security and your/their opinion does not count. This last point has nothing to do with this specific threat, it is common sense.

    Paris, because even she vets what goes into her ...

    1. Anonymous Coward
      Paris Hilton

      Well, in Paris' case she used to be a little less selective if she had been drinking...

  7. Anonymous Coward

    The Mirai threat continues

    Mirai continues to menace but the question remains, are people taking the DDoS threat seriously?

    1. Anonymous Coward

      Re: The Mirai threat continues

      Nobody is taking it seriously because it doesn't have as wide reaching impact as a train strike. When the inconvenience does exceed a train strike and the trains strike because of it, only then will it be taken seriously.
