Security News Lovely. Now someone's ported IoT-menacing Mirai to Windows boxes

Solarquest

Malware can spread to gizmos and gadgets after slipping into internal systems

The Mirai malware that hijacked hundreds of thousands of IoT gadgets, routers and other devices is now capable of infecting Windows systems.

The software nasty, discovered in August 2016, broke into heaps of insecure Linux-powered gizmos worldwide before running distributed denial of service attacks, most notably against DNS provider Dyn. Many household names relied on Dyn's servers to prop up their websites and online services; these big brands effectively became unreachable to consumers for hours at a time during the now infamous attack last October.

Many of the commandeered devices were personal digital video recorders, webcams, and the like. The malware spread by scanning the internet for machines with open ports and then using default or hardcoded passwords to log in and take over.

This week, researchers at Russian security software maker Dr Web documented a Windows version of the Mirai bot that scans the 'net for vulnerable IoT devices after infecting a Microsoft-powered host. That means vulnerable gear on a corporate network, hopefully shielded from the open internet by a firewall, can be attacked by adjacent Windows clients and servers if they get infected.

The Windows build, Trojan.Mirai.1, written in C++, uses lists of IP addresses and passwords to scan networks and attempt to log into devices. If it gets into a Linux machine, via Telnet for example, it downloads and runs Linux.Mirai on the compromised node, which continues the malware's spread. If Trojan.Mirai.1 finds a Windows box on a network, it attempts to use WMI and IPC to launch a new process on the computer to infect it and continue the spread.

The cyber-nasty, first spotted on Microsoft-powered systems at the end of January, also uses the MS SQL Server event service, if available, to execute commands as an administrator and install malicious software.

More info in the link above
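A defender-side sketch of the exposure the article describes, an infected Windows client probing adjacent devices from inside the firewall; this is an added example and is not part of the original post or of Dr Web's write-up. It flags Windows hosts that reach many distinct internal addresses on the services the article names, using their standard default TCP ports. The flow-record layout, host inventory, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Services the article names, keyed by their standard default TCP ports.
WATCHED = {23: "telnet", 135: "wmi-dcom", 445: "smb-ipc", 1433: "mssql"}
WINDOW = timedelta(minutes=5)  # assumed tuning value
THRESHOLD = 4                  # assumed: distinct internal targets per window

T0 = datetime(2017, 2, 9, 10, 0)
WINDOWS_HOSTS = {"10.0.5.20", "10.0.5.21", "10.0.5.22"}  # constructed inventory

def _flow(minutes, src, dst, port):
    return (T0 + timedelta(minutes=minutes), src, dst, port)

# Constructed flow records: (time, src, dst, dst_port)
SAMPLE_FLOWS = (
    # Workstation sweeping Telnet across a device VLAN within one minute.
    [_flow(i * 0.2, "10.0.5.20", f"10.0.9.{i + 1}", 23) for i in range(5)]
    # Normal file-server traffic: many flows, one destination.
    + [_flow(i, "10.0.5.21", "10.0.1.10", 445) for i in range(6)]
    # Four Telnet targets, but spread over an hour.
    + [_flow(i * 20, "10.0.5.22", f"10.0.9.{i + 1}", 23) for i in range(4)]
    # Host not in the Windows inventory: outside this check's scope.
    + [_flow(i * 0.2, "10.0.5.30", f"10.0.9.{i + 1}", 23) for i in range(4)]
)

def find_fanout(flows, windows_hosts, window=WINDOW, threshold=THRESHOLD):
    """Return {(src, service): sorted targets} for Windows hosts that reached
    `threshold` or more distinct private addresses on one watched port
    inside a sliding `window`."""
    events = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        if src in windows_hosts and port in WATCHED and ip_address(dst).is_private:
            events[(src, WATCHED[port])].append((ts, dst))
    alerts = {}
    for key, seen in events.items():
        start = 0
        for end, (ts, _) in enumerate(seen):
            while ts - seen[start][0] > window:  # slide the window forward
                start += 1
            targets = {dst for _, dst in seen[start:end + 1]}
            if len(targets) >= threshold:
                alerts.setdefault(key, set()).update(targets)
    return {key: sorted(t) for key, t in alerts.items()}

if __name__ == "__main__":
    for (src, service), targets in find_fanout(SAMPLE_FLOWS, WINDOWS_HOSTS).items():
        print(f"ALERT {src} {service} fan-out -> {', '.join(targets)}")
```

Only the first workstation alerts on the sample data: the file-server traffic has one destination, and the slow Telnet connections never put four targets inside one window.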
 

Wingman

This week, researchers at Russian security software maker Dr Web documented a Windows version of the Mirai bot that scans the 'net for vulnerable IoT devices after infecting a Microsoft-powered host. That means vulnerable gear on a corporate network, hopefully shielded from the open internet by a firewall, can be attacked by adjacent Windows clients and servers if they get infected.

Interestingly enough, all samples were uploaded to VT on the same day (2017-01-15). Let's see when the Mac version will come out :p
 