Just days after the DDoS attack that crippled multiple websites around the world, a new strain of malware designed to turn insecure IoT devices into a DDoS attack platform has been discovered.
The Linux/IRCTelnet-based software was discovered by security researchers at MalwareMustDie.org, and like the Mirai botnet that was used to attack DNS provider Dyn, it relies on default hard-coded credentials to spread across vulnerable devices. The malware is primed for DDoS and IPv6 ready, according to the researchers.
"The malware (the bot client) is designed to aim IoT devices via telnet protocol, by using its originally coded telnet scanner function, which is brute-forcing the known vulnerable credential of the Linux IoT boxes, via command sent from a CNC malicious IRC server," the researchers explained.
"The botnet is having DoS attack mechanism like UDP flood, TCP flood, along with other attack methods, in both IPv4 and IPv6 protocol, with extra IP spoof option in IPv4 or IPv6 too."
The source code used to build this botnet malware is based on the earlier Aidra botnet, according to MalwareMustDie.org. The researchers said Aidra had been redesigned and modified to target the vulnerabilities inherent in IoT devices.
Whether Linux/IRCTelnet is as effective as Mirai at spreading and attacking systems is so far unclear.
To date, no DDoS attacks have been carried out using this botnet. Even so, its mere discovery is a concern because of the ease with which it is able to hijack clients.
During the researchers’ testing, the botnet was able to connect to over 3400 devices within their own network.
Security experts are unsurprised that hackers are seeking to duplicate the success of the Mirai botnet.
Mike Ahmadi, global director of critical systems security at Synopsys, said: "It is not at all surprising that a new exploit targeting these devices has been discovered, since many of these devices are built using open source third-party libraries.
"When we apply software composition analysis tools to many of the most popular third-party software distributions, we often find known vulnerabilities that number in the hundreds, and sometimes in the thousands when looking at the total software build found on IoT devices.
"Unless builders of IoT devices incorporate more rigorous vulnerability detection and management practices into their development process, we can expect more of this malware botnet free-for-all to occur."