From: Ruben Safir
Subject: [Hangout-NYLXS] Internet of things DDOS threat
Date: Sat, 11 Feb 2017 18:58:43 -0500
A successor to Mirai? Newly discovered malware aims to create fresh IoT
Dubbed Linux/IRCTelnet, nasty's source code based on Aidra
31 Oct 2016 at 17:13, John Leyden
Miscreants have put together a new strain of malware designed to turn
insecure IoT devices into a DDoS attack platform.
The new nasty, Linux/IRCTelnet, discovered by security researchers at
MalwareMustDie.org, like the infamous Mirai botnet before it, relies on
default hard-coded credentials to spread across vulnerable devices. The
malware is primed for DDoS and IPv6 ready, according to a write-up on
"The malware (the bot client) is designed to aim IoT device via telnet
protocol, by using its originally coded telnet scanner function, which
is brute-forcing the known vulnerable credential of the Linux IoT boxes,
via command sent from a CNC malicious IRC server," the researchers
"The botnet is having DoS attack mechanism like UDP flood, TCP flood,
along with other attack methods, in both IPv4 and IPv6 protocol, with
extra IP spoof option in IPv4 or IPv6 too."
The source code used to build this botnet malware is based on the
earlier Aidra botnet, according to MalwareMustDie.org. Hard-coded
Italian language messages in the user's communication interface suggest
that the author of the retro-fitted malware is an Italian speaker.
Whether Linux/IRCTelnet is effective at spreading, much less attacking
systems, is so far unclear. Even so, its mere arrival is a concern
because it points to further trouble ahead.
Security experts are unsurprised that hackers are seeking to emulate the
"success" of the Mirai botnet, the malware linked to the attack on DNS
provider Dyn that shut down numerous websites on 21 October.
Mike Ahmadi, global director of critical systems security at Synopsys,
commented: "It is not at all surprising that a new exploit targeting
these devices has been discovered, since many of these devices are built
using open source third-party libraries. When we apply software
composition analysis tools to many of the most popular third-party
software distributions, we often find known vulnerabilities that number
in the hundreds, and sometimes in the thousands when looking at the
total software build found on IoT devices.
"Unless builders of IoT devices incorporate more rigorous vulnerability
detection and management practices into their development process, we
can expect more of this malware botnet free for all to occur." ®
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
hangout mailing list
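
Added example, not part of the original post or of the quoted article: a network-side check for the behaviour the article describes, a device that holds an IRC connection and fans out over telnet to many hosts in IPv4 and IPv6. The flow-record format, device labels, IRC port numbers, window and threshold are assumptions made for illustration, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23}        # telnet, the protocol the article names
IRC_PORTS = {6667, 6697}   # assumption: conventional IRC ports; the article gives none
WINDOW = 60                # seconds per sliding window (assumed tuning value)
THRESHOLD = 4              # distinct telnet targets per window (assumed tuning value)

# Constructed flow records, documentation address ranges only:
# "<epoch seconds> <device label> <destination> <destination port>"
SAMPLE_FLOWS = """\
1000 cam-01 198.51.100.7 6667
1002 cam-01 203.0.113.1 23
1003 cam-01 203.0.113.2 23
1004 cam-01 203.0.113.3 23
1005 cam-01 2001:db8::10 23
1006 cam-01 2001:db8::11 23
1010 dvr-02 203.0.113.9 23
1011 laptop-03 192.0.2.20 443
1500 dvr-02 203.0.113.10 23
"""

def find_scanners(text):
    """Return {device: finding} for devices fanning out over telnet."""
    telnet = defaultdict(list)  # device -> [(timestamp, destination)]
    irc = defaultdict(set)      # device -> {IRC peer}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, device, dst, port = line.split()
        dst, port = ipaddress.ip_address(dst), int(port)
        if port in TELNET_PORTS:
            telnet[device].append((int(ts), dst))
        elif port in IRC_PORTS:
            irc[device].add(str(dst))
    findings = {}
    for device, hits in telnet.items():
        hits.sort(key=lambda h: h[0])
        best = set()  # largest set of distinct targets seen in any one window
        for i, (start, _) in enumerate(hits):
            seen = {d for t, d in hits[i:] if t - start <= WINDOW}
            best = max(best, seen, key=len)
        if len(best) >= THRESHOLD:
            findings[device] = {
                "telnet_targets": len(best),
                "ip_versions": sorted({d.version for d in best}),
                "irc_peers": sorted(irc.get(device, ())),
            }
    return findings

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))
```

Keying on a device label rather than a source address lets one dual-stack device's IPv4 and IPv6 traffic count toward the same threshold.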