Botnet Wars: Return of the Mirai

Researchers at China’s Qihoo 360 Netlab have discovered a new variant of the Mirai botnet, which caused havoc last year.

The original Mirai botnet was so destructive that it made national headlines last year in many countries around the world. Internet users found many of their favourite services were inaccessible after hackers used the botnet to DDoS companies such as Dyn, a company that controls much of the internet’s DNS infrastructure.

In that attack, over 0,000 compromised devices flooded Dyn with a record-breaking amount of traffic — reportedly in the region of 1.2Tbps.

Whenever there’s mention of Mirai, it’s bound to cause some amount of panic. Variants discovered since last year’s attack haven’t caused anywhere near as much chaos, but it could be they’re waiting for the right moment.

The researchers discovered this latest variant last week after noticing an increase in traffic scanning ports 2323 and 23. Small increases wouldn’t be of concern, but hundreds of thousands of unique IP addresses originating from Argentina, in less than a day, caught their attention.

After investigation, the researchers found the devices were scanning the ports looking for devices manufactured by ZyXEL Communications. They were using two default telnet credential combinations, admin/CentryL1nk and admin/QwestM0dem, to gain root privileges on the targeted devices.
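A defender can watch for the same pattern the researchers noticed. The following added example (not from the article or from Netlab) counts unique sources probing ports 23 and 2323 per hour and flags sources that try the two credential pairs named above; the log layout, the sample lines and the `surge_threshold` value are assumptions constructed for illustration.

```python
from collections import defaultdict

WATCHED_PORTS = {23, 2323}  # ports named in the article
# Credential pairs the article reports for this variant.
VARIANT_CREDS = {("admin", "CentryL1nk"), ("admin", "QwestM0dem")}

# Constructed honeypot log; the field layout is an assumption:
# timestamp, source IP, destination port, username, password
SAMPLE_LOG = """\
2024-01-01T11:00:03Z 198.51.100.7 2323 admin CentryL1nk
2024-01-01T11:00:09Z 198.51.100.8 23 admin QwestM0dem
2024-01-01T11:01:44Z 198.51.100.7 23 admin QwestM0dem
2024-01-01T11:02:10Z 203.0.113.5 23 root root
2024-01-01T11:02:31Z 203.0.113.9 22 admin CentryL1nk
malformed line
2024-01-01T11:03:00Z 198.51.100.9 2323 admin CentryL1nk
"""


def parse(line):
    """Return (hour, src, port, user, password), or None for bad lines."""
    parts = line.split()
    if len(parts) != 5 or not parts[2].isdigit():
        return None
    ts, src, port, user, password = parts
    return ts[:13], src, int(port), user, password  # ts[:13] is the hour bucket


def analyze(log_text, surge_threshold=3):
    """Summarise attempts on the watched ports; the threshold is hypothetical."""
    sources_per_hour = defaultdict(set)
    variant_sources = set()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[2] not in WATCHED_PORTS:
            continue
        hour, src, _port, user, password = rec
        sources_per_hour[hour].add(src)
        if (user, password) in VARIANT_CREDS:
            variant_sources.add(src)
    # An hour is a surge when enough distinct sources probed telnet in it.
    surges = {h: len(s) for h, s in sources_per_hour.items()
              if len(s) >= surge_threshold}
    return {"variant_sources": sorted(variant_sources), "surge_hours": surges}


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

In practice the threshold would be set relative to a baseline of normal telnet probing, since the article notes that small increases are not a concern.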

It’s thought this Mirai variant was upgraded to exploit the vulnerability in ZyXEL PK5001Z modems identified as CVE-2016-10401.

“ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP’s deployment of these devices),” the vulnerability description reads.

You can read my feature on botnets on page 20 of our ‘ News’ magazine. A free online copy is available here.

Are you concerned by Mirai variants and the growth of IoT botnets? Share your thoughts in the comments.
