THE AUTHOR of a new strain of Windows malware designed to propagate Mirai, the malware that exploits insecurities in Linux-based connected devices, is "more advanced" than the coders behind Mirai itself, Kaspersky has claimed.
"The Windows-based spreader is richer and more robust than the original Mirai codebase, but most of the components, techniques, and functionality of the new spreader are several years old," said Kaspersky.
It added: "Its capacity for spreading the Mirai malware is limited: it can only deliver the Mirai bots from an infected Windows host to a vulnerable Linux IoT device if it is able to successfully brute-force a remote telnet connection.
However, it is "clearly the work of a more experienced developer, although probably one who is new to the Mirai game.
"Artefacts such as language clues in the software, the fact that the code was compiled on a Chinese system, with host servers maintained in Taiwan, and the abuse of stolen code-signing certificates from Chinese companies, suggest that the developer is likely to be Chinese-speaking."
With more experienced hackers turning their hands to Mirai and malware for propagating it, Kaspersky suggests that we could soon see much bigger attacks, not just the distributed denial of service attacks carried out via Mirai last year.
At the moment, the Windows Mirai ‘muck spreader' has only seen limited distribution, with around 500 unique systems attacked in 2017 by the malware.
But based on the geolocation of IP addresses targetted in the second stage of attack, according to Kaspersky, the countries most vulnerable are emerging markets that have invested heavily in connected technology.
These include India, Vietnam, Saudi Arabia, China, Iran, Brazil, Morocco, Turkey, Malawi, United Arab Emirates, Pakistan, Tunisia, Russia, Moldova, Venezuela, the Philippines, Colombia, Romania, Peru, Egypt and Bangladesh.
"The release of the source code for the Zeus banking Trojan in 2011 brought years of problems for the online community - and the release of the Mirai IoT bot source code in 2016 will do the same for the Internet," said Kaspersky principal security researcher Kurt Baumgartner.
He continued: "More experienced attackers, bringing increasingly sophisticated skills and techniques, are starting to leverage freely available Mirai code.
"A Windows botnet spreading IoT Mirai bots turns a corner and enables the spread of Mirai to newly available devices and networks that were previously unavailable to Mirai operators. This is only the beginning."
Security blogger Brian Krebs suggested that a US student was responsible for the original Mirai malware. After the code was published, the network of compromised devices was used in a number of DDoS attacks, and one Chinese manufacturer admitted responsibility for using insecure software in its digital video recorders produced for CCTV systems. µ
C3-PO, R2-D2, BB-8 and other Androids
Helpful cyber vigilante gets short changed by customer services
...you know, now it's less confusing...
Firm will no longer provide updates for its first Android mobe