The new creation, dubbed Linux/IRCTelnet, was first identified by researchers at MalwareMustDie.org. It exploits vulnerable IoT devices via hard-coded authentication credentials. This botnet malware is based on the Aidra botnet code and managed by commands sent from an IRC server.
If there was any doubt before, it’s clear now that IoT devices are a new front in the denial-of-service wars.
It’s still unknown whether this new botnet malware will be successful. Either way, it shows that the success of the Mirai botnet, the general vulnerability of IoT devices and the widespread availability of botnet code make for a troublesome cocktail.
In another bit of alarming news, according to this story in CSOonline, botnets that are fueled at least partially by Mirai are attacking new and random targets. “Copycat hackers have been taking advantage of the Mirai malware ever since the source code was released on an online forum September 30. So far, 23 unique command-and-control servers have been connected with Mirai activity…” reports IDG News Service’s Michael Kan.
These sporadic attacks are likely a mix of attackers that have commandeered Mirai-powered botnets as well as DDoS botnet-for-hire attacks.
As reported by Jai Vijayan in Dark Reading, researchers are cooking up potentially novel (and dangerous) ideas to help combat these botnets. According to Vijayan’s story, “Leo Linsky, a software engineer with network monitoring firm PacketSled, has released code on GitHub for a worm he developed that is capable of infiltrating IoT products protected only with default credentials and changing those weak passwords.”
He describes this anti-worm worm as a purely academic project intended only to show proof-of-concept. “The idea is to show that devices can be patched by a worm that deletes itself after changing the password to something device-specific or random,” Vijayan reports.
While such an idea makes for a fun fantasy, as Vijayan noted, it’s not likely to happen, at least not by legitimate security researchers. In addition to it being blatantly illegal to dispatch worms to patch IoT devices on networks one doesn’t own or even operate, the notion is fraught with peril. The worm could cause more device and network traffic disruption than it fixes.
Unfortunately, IoT-related attacks will only be avoided once IoT device makers decide they have to design and ship devices that are securable out of the box.