Malware can spread to gizmos and gadgets after slipping into internal systems
The Mirai malware that hijacked hundreds of thousands of IoT gadgets, routers and other devices is now capable of infecting Windows systems.
The software nasty, discovered in August 2016, broke into heaps of insecure Linux-powered gizmos worldwide before running distributed denial of service attacks, most notably against DNS provider Dyn. Many household names relied on Dyn's servers to prop up their websites and online services; these big brands effectively became unreachable to consumers for hours at a time during the now infamous attack last October.
Many of the commandeered devices were personal digital video recorders, webcams, and the like. The malware spread by scanning the internet for machines with open ports and then using default or hardcoded passwords to log in and take over.
This week, researchers at Russian security software maker Dr Web documented a Windows version of the Mirai bot that scans the 'net for vulnerable IoT devices after infecting a Microsoft-powered host. That means vulnerable gear on a corporate network, hopefully shielded from the open internet by a firewall, can be attacked by adjacent Windows clients and servers if they get infected.
The Windows build, Trojan.Mirai.1, written in C++, uses lists of IP addresses and passwords to scan networks and attempt to log into devices. If it gets into a Linux machine, via Telnet for example, it downloads and runs Linux.Mirai on the compromised node, which continues the malware's spread. If Trojan.Mirai.1 finds a Windows box on a network, it attempts to use WMI and IPC to launch a new process on the computer to infect it and continue the spread.
The cyber-nasty, first spotted on Microsoft-powered systems at the end of January, also uses the MS SQL Server event service, if available, to execute commands as an administrator and install malicious software.
More info in the link above
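The article's point is that an infected Windows host can reach devices a perimeter firewall never sees, so the place to look is internal flow data. This added example (not code from the article or from Dr Web) flags internal sources that contact many distinct internal hosts on the named services within a short window. The record format, the 10.0.0.0/8 range, the thresholds and the sample data are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions: 10.0.0.0/8 is the internal range; the ports are the standard ones
# for the services the article names (Telnet, WMI over RPC, IPC$ over SMB, MS SQL).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
WATCHED_PORTS = {23: "telnet", 135: "rpc/wmi", 445: "smb/ipc", 1433: "mssql"}

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def find_fanout(records, window=timedelta(minutes=5), threshold=4):
    """Map (source, service) to the peak number of distinct internal targets
    contacted inside one sliding window, for sources reaching the threshold."""
    events = defaultdict(list)
    for line in records:
        ts, src, dst, dport = line.split()
        service = WATCHED_PORTS.get(int(dport))
        if service and is_internal(src) and is_internal(dst):
            events[(src, service)].append((datetime.fromisoformat(ts), dst))
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        start, peak, in_window = 0, 0, defaultdict(int)
        for ts, dst in hits:
            in_window[dst] += 1
            while ts - hits[start][0] > window:  # expire hits older than the window
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[key] = peak
    return alerts

# Constructed sample flow records, one per line: "timestamp src dst dport".
SAMPLE = (
    # Workstation sweeping Telnet across six internal devices in six seconds.
    [f"2017-02-09T10:00:0{i} 10.0.5.20 10.0.9.{10 + i} 23" for i in range(6)]
    # Host touching one SMB server per hour: never clusters inside a window.
    + [f"2017-02-09T1{i}:00:00 10.0.7.30 10.0.8.{i + 1} 445" for i in range(4)]
    # Admin box reaching two cameras, and one Telnet flow leaving the network.
    + ["2017-02-09T10:01:00 10.0.1.5 10.0.9.11 23",
       "2017-02-09T10:01:30 10.0.1.5 10.0.9.12 23",
       "2017-02-09T10:02:00 10.0.5.20 203.0.113.7 23"]
)
print(find_fanout(SAMPLE))
```

Only the sweeping workstation is reported; the threshold and window need tuning against legitimate management hosts before alerting on this in production.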