Security Market Segment LS
Wednesday, 02 November 2016 11:37

New IoT botnet works at a rapid speed

By

A researcher going by the handle unixfreakjp says a new botnet aimed at Internet-of-Things devices known as Linux/IRCTelnet has already infected 3500 devices in the space of five days.

As is the case with the Mirai malware, that was leaked on the Internet recently, Linux/IRCTelnet targets IoT devices that have not had their default usernames and passwords changed, and logs in to such devices using the telnet protocol.

Practically all routers, security cameras and other devices that can be connected to the Internet use Linux because of its design and cost.

Mirai was used in the recent attack on domain name services provider Dynamic Network Services that affected the functioning of a number of big-name websites like Twitter and Netflix.

The researcher said the code of the new botnet bore many similarities to that of Aidra, one of the earliest botnets discovered. Aidra was mentioned by an unknown security researcher who harnessed a number of IoT devices to find out the extent to which such insecure devices were present on the Internet.

iot big

He found many Italian language references in hardcoded messages in the botnet, which he said was very fast in scanning for vulnerable devices.

"It handles three or more 'scan' requests at the same time on different segments of the IP network, and these are what I saw in only a few seconds; scanning progress is overlapping each other seeking for telnet services," unixfreakjp wrote in a very detailed technical analysis that is well worth reading.

He said Linux/IRCTelnet had no persistent autostart or rootkit or anything that could damage the device it had taken over. "This malware variant can be easily removed by rebooting the infected device. But if you don't secure the telnet after reboot, it will come to infect you again," he wrote.


Subscribe to Newsletter here

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

BACK TO HOME PAGE

ZOOM WEBINARS & ONLINE EVENTS

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Research & Case Studies

Channel News

Comments