Dois anos após a Mirai criminosos ataque botnet em todo o mundo em todo o mundo estão utilizando-o para vários usos maliciosos. Recentemente especialistas em segurança descobriram que várias novas versões de que foram desenvolvidos. An in-depth look shows that the new releases are the work of independent hackers not related to the original authors.
Independent Hackers Create Upgraded Versions of The Mirai Botnet
o [wplinkpreview url =”https://sensorstechforum.com/mirai-new-variant-port-23-port-2323-cve-2016-10401/”]Mirai botnet has been used to take down millions of sites by its original developers thanks to its ability to to infect thousands of vulnerable devices. This lead to the development of alternative botnet engines that all have the goal of being used as weapons that can achieve the same results according to a new security report. Ever since Mirai’s original source code was made available on the underground hacker forums independent hackers and criminal collectives started to develop their own versions. At the same time security researchers used it to gain insight into the attack operations to understand how to provide a working defensive mechanism.
One of the new versions of the Mirai botnet was discovered in July 2018. It lead the security researchers to a link containing seven different variants. All of them build upon the original behavior pattern which is the following:
- Scanning the target IoT devices for vulnerabilities associated with the malicious payloads.
- Brute forcing the open ports by using default and/or weak credentials via remote connection protocols.
- The devices will be infected with the malicious code holding the main Mirai botnet. It programs the compromised host to continue infecting other devices available on the internal local network.
- Over a predefined period of time the bot will report to a specific command and control server. When prompted the devices will launch a distributed denial-of-service attack against a certain target.
Further Information on the New Mirai Botnet Versions
The analysis of the newly discovered versions of Mirai shows that they take advantage of the modular framework. The leaked source code contains instructions, how-to messages and other information giving details on how they can be tweaked further.
The following versions were identified:
- Akiru — It kills ports related to the operations of CCTV DVR equipment (81), Netis routers (53413) and Realtek SDK access (52869).
- Katrina_V1 — alongside Netis and Realtek devices it can also affect Huawei HG532 models which utilize port 37215.
- Sora — It affects the same devices as Katrina_V1.
- Saikin — It targets the ARCO e RCE.
- Owari — It affects the same devices as Katrina_V1.
- Josho_V3 — Still in development.
- Tokyo — It affects the same devices as Katrina_V1.
All of these versions can be used to cause large-scale attacks that may be as effective as Mirai if the right number of infrastructure devices are recruited. The fact there are numerous versions of the main code developed shows that many hacker individuals and groups are continuing to use this method.