Please Contact Us for questions about the acquisition, product support, or account management.here.
Mirai, the malware behind the largest DDoS attacks ever recorded, has been updated in order to increase distribution. Researchers have discovered an update in the form of a Windows Trojan designed to assist hackers in spreading Mirai to even more devices.
This update, named “Trojan.Mirai.1,” targets Windows computers and searches the user’s network for comprisable Linux-based connected devices. Once a device has been infected by this update, it contacts a C&C server and downloads a list of IP addresses. Upon the installation of that list, the infected machine tries to login to those devices via a series of ports:
If the infected machine spreads to a new device, it will do one of two things:
If a database is infected by Mirai, it will create a new user with admin privileges that will more than likely be used to steal data from infected devices.
Mirai targets IoT devices such as DVRs, routers, WebIP cameras, and other Linux-based devices. Once the device is accessed, the attacker then downloads and installs the malware.
“A majority of these devices have open SSH or Telnet ports, which are then accessed via hard-coded passwords that the manufacturer uses across all devices,” said Shawn Pope, a Security Analyst at Nuspire.
For more information on how to keep your data secure, click here.