HackRead

After Linux; Mirai Botnet is Available for Windows

February 10th, 2017 | Waqas | Security, Malware

Researchers at antivirus firm Dr.Web have identified a new variant of the Mirai bot, the infamous IoT malware. This new variant is capable of targeting Windows systems and can target more ports than its Linux version. Dr.Web researchers have dubbed the new version Trojan.Mirai.1.

Cybercriminals are using Mirai’s Windows version to infect Internet of Things (IoT) devices and conduct distributed denial of service (DDoS) attacks. The original version of the malware was discovered in August 2016 by the researcher MalwareMustDie. Back then, it was identified as malware designed specifically to target IoT devices and turn them into controllable bots. Many high-profile organizations, including DynDNS, security researcher Brian Krebs’ blog KrebsOnSecurity and hosting provider OVH, were among the key targets.

The purpose of developing a Windows compatible version of the notorious malware, according to Dr.Web researchers, was to ensure that Mirai is “spread to even more devices.”

Mirai malware is capable of infecting a diverse array of devices, but its main targets are internet routers and IoT devices such as CCTV systems and DVRs. Once the malware manages to infect a device, it selects random IPs and tries to log in through the SSH or the Telnet port. To do this, it uses a list of default admin credentials for the targeted device.
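The scanning behaviour described above leaves a recognisable trace: one internal host opening Telnet or SSH connections to many unrelated addresses in a short time. The following is an added detection example, not code from the article or from Dr.Web; the log format, the sample lines, the function names, the 60-second window and the threshold of 5 are all assumptions, and the log is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_LOG = """\
2017-02-10T09:00:01 10.0.5.23 198.51.100.7 23 tcp
2017-02-10T09:00:03 10.0.5.23 203.0.113.44 23 tcp
2017-02-10T09:00:04 10.0.5.40 192.0.2.10 22 tcp
2017-02-10T09:00:06 10.0.5.23 192.0.2.91 22 tcp
2017-02-10T09:00:09 10.0.5.23 198.51.100.130 23 tcp
2017-02-10T09:00:12 10.0.5.77 203.0.113.5 443 tcp
2017-02-10T09:00:15 10.0.5.23 203.0.113.201 23 tcp
2017-02-10T09:00:20 10.0.5.40 192.0.2.10 22 tcp
2017-02-10T09:00:22 10.0.5.23 198.51.100.66 22 tcp
truncated line
"""

WATCHED_PORTS = {22, 23}  # SSH and Telnet, the two ports the article names


def parse_line(line):
    """Return (timestamp, src, dst, port, proto), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, proto = parts
    try:
        return datetime.fromisoformat(ts), src, dst, int(port), proto.lower()
    except ValueError:
        return None


def find_scanners(log_text, window=timedelta(seconds=60), threshold=5):
    """Map each source that contacted >= threshold distinct hosts on a watched
    port inside one sliding window to the largest distinct-host count seen."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port, proto = rec
        if proto != "tcp" or port not in WATCHED_PORTS:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged
```

Counting distinct destinations rather than raw connections keeps an administrator who reconnects to one SSH server (10.0.5.40 in the sample) from being flagged.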

The new version is believed to be a Trojan developed for Microsoft Windows. It is written in C++. According to researchers, it has been designed to “scan TCP ports from the indicated range of IP addresses to execute various commands and distribute other malware.”

When it is launched, the malware connects to its C&C (command and control) server and downloads the “configuration file (wpd.dat), and extracts the list of IP addresses.”

Afterward, it launches the scanner and also checks for other ports. After Trojan.Mirai.1 succeeds in compromising a new device, if the device runs Linux OS, it launches various commands to create a DDoS Mirai bot, but if the device is running MS Windows OS, it just releases its copy. Additionally, it creates a DBMS user with the login ID “Mssqla” and password “Bus3456#qwein”.

These credentials give it sysadmin rights. It can now perform a variety of tasks using the credentials and the SQL server event service. It cannot, however, execute instructions on any connection made through the RDP protocol. Apart from that, it downloads a binary file onto the infected device when attempting to connect to a Linux device via the Telnet protocol. Lastly, it downloads and launches “Linux.Mirai.”


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
