IoT botnet Mirai becomes more contagious

Mirai, the IoT botnet which caused record-breaking DDoS attacks last year, has become even more contagious due to a Windows variant.

Security experts at Kaspersky Lab, who spotted the variant, are analysing the first Windows-based spreader of the malware, which is believed to have attacked 500 systems in the past couple of months. From the initial analysis, Kaspersky believes the new bot was developed by someone with a higher degree of skill than Mirai’s initial creators.

Opening up Mirai to infect Windows systems adds even more potential targets. The malware can spread from Windows to IoT devices only if an infected host is able to brute force a remote telnet connection to a vulnerable endpoint.
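Because the Windows-to-IoT hop depends on telnet, an internal host that suddenly opens telnet connections to many different devices is a useful detection signal. The following is an added example, not code from the article or from Kaspersky: the log format, addresses, threshold and window are all constructed assumptions, and it expects log lines sorted by time.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

TELNET_PORT = 23  # the service the article says the spreader brute-forces

# Constructed sample: "<ISO time> <src> <dst> <dport> <ALLOW|DENY>"
SAMPLE_LOG = """\
2017-02-21T10:00:01 10.0.0.15 192.168.50.2 23 DENY
2017-02-21T10:00:02 10.0.0.15 192.168.50.3 23 ALLOW
2017-02-21T10:00:02 10.0.0.20 192.168.50.9 23 ALLOW
2017-02-21T10:00:03 10.0.0.15 192.168.50.4 23 DENY
2017-02-21T10:00:04 10.0.0.15 203.0.113.10 443 ALLOW
2017-02-21T10:00:05 10.0.0.15 192.168.50.5 23 ALLOW
2017-02-21T10:00:06 10.0.0.20 192.168.50.9 23 ALLOW
2017-02-21T10:00:07 10.0.0.15 192.168.50.6 23 ALLOW
2017-02-21T10:00:10 10.0.0.30 192.168.50.2 23 ALLOW
2017-02-21T10:03:10 10.0.0.30 192.168.50.3 23 ALLOW
2017-02-21T10:06:10 10.0.0.30 192.168.50.4 23 ALLOW
2017-02-21T10:09:10 10.0.0.30 192.168.50.5 23 ALLOW
"""

def parse(line):
    """Split one constructed log line into typed fields."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action

def find_telnet_sweepers(log_text, min_targets=5, window=timedelta(seconds=60)):
    """Return {src: peak distinct telnet targets seen in any window}
    for sources whose peak reaches min_targets."""
    recent = defaultdict(deque)  # src -> (time, dst) events still inside the window
    peak = defaultdict(int)      # src -> highest distinct-target count observed
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _action = parse(line)
        if dport != TELNET_PORT:
            continue  # only telnet attempts are relevant here
        events = recent[src]
        events.append((ts, dst))
        # Drop events older than the sliding window.
        while events and ts - events[0][0] > window:
            events.popleft()
        peak[src] = max(peak[src], len({d for _, d in events}))
    return {src: n for src, n in peak.items() if n >= min_targets}

if __name__ == "__main__":
    for src, n in find_telnet_sweepers(SAMPLE_LOG).items():
        print(f"{src} contacted {n} distinct telnet endpoints within the window")
```

Repeated sessions to a single device (10.0.0.20) and slow, spaced-out administration (10.0.0.30) stay below the threshold; only the fan-out pattern is flagged.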

Although the new spreader is more robust and complex than Mirai’s previous variant, Kaspersky notes that most of its components, techniques, and functionality are several years old. The company’s analysts believe the developer is from China because the code was compiled on a Chinese system, uses host servers maintained in Taiwan, and abuses code-signing certificates stolen from companies based in the country.

“The appearance of a Mirai crossover between the Linux platform and the Windows platform is a real concern, as is the arrival on the scene of more experienced developers. The release of the source code for the Zeus banking Trojan in 2011 brought years of problems for the online community – and the release of the Mirai IoT bot source code in 2016 will do the same for the Internet,” says Kurt Baumgartner, Principal Security Researcher at Kaspersky Lab.

“More experienced attackers, bringing increasingly sophisticated skills and techniques, are starting to leverage freely available Mirai code. A Windows botnet spreading IoT Mirai bots turns a corner and enables the spread of Mirai to newly available devices and networks that were previously unavailable to Mirai operators. This is only the beginning.”

Based on the geolocation of IP addresses involved in the second stage of the attack, the countries most vulnerable are emerging markets that have invested heavily in connected technology, such as India, Vietnam, Saudi Arabia, China, Iran, Brazil, Morocco, Turkey, Malawi, United Arab Emirates, Pakistan, Tunisia, Russia, Moldova, Venezuela, the Philippines, Colombia, Romania, Peru, Egypt and Bangladesh.

As Baumgartner notes, this latest development is only the beginning. In the latest issue of IoT News, we spoke to F-Secure’s Security Advisor, Sean Sullivan, about botnet threats accelerating in 2017, how to fight back against them, and even how affected companies, like those that suffered high-profile DDoS attacks last year, can turn a potential disaster into a PR win.
