16 April 21, 17:54
Quote: Several variants of the Gafgyt Linux-based botnet malware family have incorporated code from the infamous Mirai botnet, researchers have discovered.
Gafgyt (a.k.a. Bashlite) is a botnet that was first uncovered in 2014. It targets vulnerable internet of things (IoT) devices like Huawei routers, Realtek routers and ASUS devices, which it then uses to launch large-scale distributed denial-of-service (DDoS) attacks. It also often uses known vulnerabilities such as CVE-2017-17215 and CVE-2018-10561 to download next-stage payloads to infected devices.
The latest variants have now incorporated several Mirai-based modules, according to research from Uptycs released Thursday, along with new exploits. Mirai variants and reuse of its code have become more voluminous since the source code for the IoT botnet was released in October 2016.
The capabilities nicked from Mirai include various methods to carry out DDoS attacks, according to the research:
- HTTP flooding, in which the botnet sends a large number of HTTP requests to a targeted server to overwhelm it;
- UDP flooding, where the botnet sends several UDP packets to a victim server as a means of exhausting it;
- Various TCP flood attacks, which exploit the normal three-way TCP handshake: the victim server receives a heavy number of requests, resulting in the server becoming unresponsive;
- And an STD module, which sends a random string (from a hardcoded array of strings) to a particular IP address.
Read more: Gafgyt Botnet Lifts DDoS Tricks from Mirai | Threatpost