Crooks expand the original Mirai botnet code base with new capabilities and improvements

June 1, 2018  By Pierluigi Paganini


Cybercriminals continue to improve the infamous Mirai botnet by adding new exploits and functionalities, experts warn new dangerous variant will appear in the wild.

According to Netscout’s Arbor Security Engineering and Response Team (ASERT), cybercriminals continue to improve the dreaded Mirai IoT botnet by adding new exploits and functionalities.

The time to market of new Mirai botnet versions is drastically reducing, in a few months experts spotted at least four Mirai variants in the wild, Satori, JenX, OMG and Wicked.

Vxers are used the leaked Mirai source code to create their own version, this trend is scaring security experts.

“Using Mirai as a framework, botnet authors can quickly add in new exploits and functionally, thus dramatically decreasing the development time for botnets. The Mirai source is not limited to only DDoS attacks. A variant of Satori was discovered which attacks Ethereum mining clients.” states the report published by Netscout.

Mirai botnet

Below the key findings for the new Mirai Variants

  • Satori uses a remote code injection exploits to implement scanning feature.
  • The JenX bot evolved from Mirai to include similar coding, but authors removed scanning and exploitation capabilities.
  • The OMG bot adds HTTP and SOCKS proxy capabilities.
  • The Wicked Mirai exploits RCE flaws to infect Netgear routers and CCTV-DVR devices. When vulnerable devices are found, a copy of the Owari bot is downloaded and executed.

Cyber criminals will continue to use the Mirai variants to build large botnets, for this reason, it experts recommend organizations to apply proper patching, updates, and DDoS mitigation strategies to protect their infrastructure.

“As seen with the four samples covered above, botnet authors are already using the Mirai source code as their building blocks. As the explosion of IoT devices does not look to be slowing down, we believe we’ll continue to see increases in IoT botnets.” concluded the report.

“We are likely to see remnants of Mirai live on in these new botnets as well.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Mirai botnet, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Ticketfly website was compromised, the hacker also stole customers' data

 The website of the events ticketing company Ticketfly was shut down after a hacker who calls himself “IsHaKdZ” compromised...