Dismiss this notice
Ant Download Manager Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13686

Dismiss this notice
Macrium Reflect Home Edition Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13685

Dismiss this notice
HitmanPro.Alert Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13684

Dismiss this notice
VoodooShield PRO Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13689

Dismiss this notice
NoVirusThanks OSArmor v1.5 Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13758

Dismiss this notice
Revo Uninstaller Pro 4 Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13688

Dismiss this notice
CheckMAL's AppCheck Pro Christmas 2020 Giveaway - https://www.geeks.fyi/showthread.php?tid=13690

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Avast_Security_News: The return of the Mirai botnet
[Image: mirai-botnet.jpg]

News on the (malicious) gift that just keeps on giving

Remember Mirai? This four-year old botnet was the scourge of the internet and used as the launching pad for numerous DDoS attacks. Back in 2016, the botnet disrupted a German ISP, Liberia’s entire internet connection, the Dyn.com DNS services (now owned by Oracle), and Brian Krebs’ website.

It was unique because it collected more than 24,000 IoT devices, including webcams, numerous home routers and other embedded devices. Its size was also significant: when Krebs was targeted, it was the largest series of DDoS attacks to date, with five separate events focusing more than 700B bits per second traffic at his web server. 

Since those days, Mirai has continued to gain notoriety. Its source code was released on GitHub shortly after these first attacks in 2016, where it has been downloaded thousands of times and has formed the basis of a DDoS-as-a-service for criminals. Months later, Krebs described how he uncovered the true identity of the leaker. We blogged about it back in 2018, when Avast researchers came across a new strain called Torii. It had more stealth components and was used to steal information rather than coordinate DDoS attacks. Torii also expanded the botnet sources beyond IoT devices and including a wide range of operating systems and chipsets to abuse. Eventually, three Mirai authors were fined and given five years of probation, partly because they cooperated with prosecutors in thwarting other attacks.

The latest on Mirai

Mirai is still around and being used for new nefarious purposes. Last year, researchers found an Echobot variant, which is notable in that it contains 71 different exploits all packaged together with more than a dozen new ones that have never been used previously. A post on ZDnet back in March found the variant called Mukashi that was exploiting Zyxel network-attached storage devices. (The company quickly released a firmware patch.) In July, other researchers found a new vulnerability in a collection of Linux-based routers. Then, in October, two new vulnerabilities were discovered that demonstrated how Mirai could take advantage of the network time service. Four new variants were found that involve command injections to download shell scripts. These variants were classic Mirai in that the exploited devices were used as part of DDoS botnet attacks.

Clearly, Mirai is the gift that just keeps on giving.

Recommended mitigations

There are several things that business IT managers can do to blunt the force of Mirai or indeed any DDoS attack. First off, here are some recommended DDoS attack mitigation strategies that are worth reading. Avast Omni is also a powerful tool in protecting against IoT-based attacks. You should also be sure to change factory default passwords on all network equipment, as unchanged default passwords have allowed Mirai to collect multiple endpoint IoT webcams and routers.
Continue Reading

Forum Jump:

Users browsing this thread: 1 Guest(s)
You have to register before you can post on our site.



Recent Posts
NoVirusThanks OSArmor v1.5
Thanks for the updat...jasonX — 17:26
GFYI [Official] NoVirusThanks OSArmor v...
Thanks a lot for the...dinosaur07 — 16:28
NoVirusThanks OSArmor v1.5.3
We've released OSA...harlan4096 — 16:26
GFYI [Official] NoVirusThanks OSArmor v...
Sponsor has given wo...jasonX — 16:04
GFYI [Official] NoVirusThanks OSArmor v...
Sponsor has given wo...jasonX — 16:04

Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (45)theoldevext
avatar (40)algratCep
avatar (45)Qlaude2Sap
avatar (46)Josepharelf
avatar (35)kholukrefar
avatar (44)Lauraimike
avatar (46)WilsonWag
avatar (44)StevenPiole
avatar (35)zetssToomy
avatar (42)GornOr
avatar (45)Jamesmog
avatar (33)opeqyrav
avatar (36)dlanod78
avatar (33)ivanoFloom
avatar (36)uxegihor

Online Staff
Decimuss's profile Decimuss
dhruv2193's profile dhruv2193