Security News New Vulnerability Could Give Mirai the Ability to Survive Device Reboots

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
....some quotes from the article above:

Until now, all malware targeting IoT devices survived only until the user rebooted his equipment, which cleared the device's memory and erased the malware from the user's equipment.

Intense Internet scans for vulnerable targets meant that devices survived only minutes until they were reinfected again, which meant that users needed to secure devices with unique passwords or place behind firewalls to prevent exploitation.

New vulnerability allows for permanent Mirai infections
While researching the security of over 30 DVR brands, researchers from Pen Test Partners have discovered a new vulnerability that could allow the Mirai IoT worm and other IoT malware to survive between device reboots, permitting for the creation of a permanent IoT botnet.

"We’ve [...] found a route to remotely fix Mirai vulnerable devices," said Pen Test Partners researcher Ken Munro. "Problem is that this method can also be used to make Mirai persistent beyond a power off reboot."

Understandably, Munro and his colleagues decided to refrain from publishing any details about this flaw, fearing that miscreants might weaponize it and create non-removable versions of Mirai, a malware known for launching some of the biggest DDoS attacks known today.
Click to expand...


Vendors working to protect devices from future IoT malware
In addition, last week, Dahua Technologies, one of the companies whose devices were one of the main cannon fodder for Mirai DDoS botnets, announced a partnership with Synopsys Solutions, a cyber-security company, with the intent of improving the firmware of its devices against IoT malware.

This is the second DVR vendor that takes action against Mirai after last year Hangzhou Xiongmai Technology announced it would recall several types of IP cameras that were vulnerable to Mirai malware.
Click to expand...
 
  • Like
Reactions: Der.Reisende, frogboy and Parsh
Parsh

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Thankfully, this hasn't happened and the researchers who have found out the way of persistent infection have refrained from publishing the vulnerability.
By this share, I got reminded of the earlier news of Hajime IoT malware that has apparently been a vigilante against Mirai!
 
  • Like
Reactions: Der.Reisende, LASER_oneXM and frogboy
You must log in or register to reply here.

Similar threads

Orchid
    • Like
New Mirai malware variant infects Linux devices to build DDoS botnet
Replies
5
Views
595
News Archive
MuzzMelbourne
MuzzMelbourne
MuzzMelbourne
    • Like
    • +Reputation
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks
Replies
0
Views
838
News Archive
MuzzMelbourne
MuzzMelbourne
LASER_oneXM
    • Like
    • +Reputation
Mirai botnet used to steal confidential data via IoT devices
Replies
1
Views
709
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top