Someone from China is Distributing Mirai Malware Through Windows Botnet

Botnet on a Digital Binary Warning Abstract

Mirai malware was discovered in 2016 when it was used the Internet’s largest DDoS attack on DYN DNS and OVH hostings. A couple of weeks ago, it was also discovered that after infecting Linux devices, the Mirai malware is can also infect Windows devices.

Now, in a report published by Kaspersky Lab, it was identified that the code had been written by someone experienced and who is well-versed in spreading the IoT malware onto Linux systems in specific conditions. According to their research, the campaign isn’t merely an over-hyped hike from Linux based Mirai to Windows based Mirai because it appears to be yet more proof of the dangers of public availability of the source code of Mirai malware and the inadequacy of security measures that has made IoT devices and embedded systems so vulnerable to hacking.

It is, however, quite alarming that Mirai is easily spreading from OS to OS. As per the report from Kaspersky Lab, just like Zeus banking Trojan source code’s release turned out to be a devastating step for the online community, the leaking of Mirai IoT source code is also becoming a big problem as far as the security of the Internet-connected infrastructure is concerned. This is indeed concerning for the online security fraternity as the problems will continue to rise for many years as it is just the beginning of hackers learning to use the source code in a variety of ways.

Windows botnet can spread to Linux-based machines through using brute force attack against the device’s remote telnet connection and may then spread over SMI, SQL Injection and SSH attacks as well as IPC techniques. These can target cameras that are IP based, media center appliances, internet connected DVRs and Banana Pi and Raspberry Pi devices.

Kaspersky Lab researcher Kurt Baumgartner noted that this year around 500 different systems had been targeted and most of the targets are located in emerging markets.

“More experienced attackers, bringing increasingly sophisticated skills and techniques, are starting to leverage freely available Mirai code. A Windows botnet spreading IoT Mirai bots turns a corner and enables the spread of Mirai to newly available devices and networks that were previously unavailable to Mirai operators. This is only the beginning,” added Baumgartner.

As per their analysis, the bot was not just coded and compiled on a Chinese machine but also signed with code-signing certificates that were stolen from a pair of Chinese silicon and wafer manufacturers namely Xi’ a JingTech Electronic Technology, Ltd., and Partner Tech Co., Ltd. Both are Shanghai-based companies.

The malware’s main targets are Microsoft SQL servers, and MySQL database servers since these are internet-oriented servers and offer access to privately networked devices like IP-based cameras and DVRs. Researchers at Kaspersky Lab have also noticed that the attack occurs in stages as these include scanning and attacking of online sources so that more instructions and malware could be added to the devices.

DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Related Posts