sed -e 's/oldbotnet/newbotnet/g'
Oh dear, the scripts got updated again. Whatever are we to do?
Really, come on, guys. This is going to be expected as long as there are IoTs available that fall prey to exactly the same security hole.
Miscreants have put together a new strain of malware designed to turn insecure IoT devices into a DDoS attack platform. The new nasty, Linux/IRCTelnet discovered by security researchers at MalwareMustDie.org, like the infamous Mirai botnet before it relies on default hard-coded credentials to spread across vulnerable devices. …
While that is true, this new thing is a critter based on two others. The big thing is that it also leverages IRC CnC. MIRAI does/did not do that. It scanned and reported possible vulnerable IPs back to the herder. A second round attempted infesting those IPs. When infested, those reported in so they could be counted. This new critter appears to scan and infest at the same time. Plus this new critter has a lot more attack capabilities. It is a new botnet even though it may be on the same devices.
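The behavioural difference described above (a device that sweeps Telnet and holds an IRC session at the same time, rather than reporting back and waiting for a second round) is something a network defender can look for in egress flow data. The following is an added example, not code from the thread or from MalwareMustDie; the flow format, the IRC port numbers and the scan threshold are assumptions, and the records are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of outbound TCP flow records (not from the thread): "src dst dport"
SAMPLE_FLOWS = """\
192.0.2.10 198.51.100.5 23
192.0.2.10 198.51.100.6 23
192.0.2.10 198.51.100.7 23
192.0.2.10 198.51.100.8 23
192.0.2.10 198.51.100.9 23
192.0.2.10 203.0.113.44 6667
192.0.2.20 198.51.100.5 22
192.0.2.30 198.51.100.11 23
192.0.2.30 198.51.100.12 23
"""

TELNET_PORT = 23
IRC_PORTS = {6667, 6697}  # assumption: the thread names no C&C port, these are common IRC ports
SCAN_THRESHOLD = 5        # distinct Telnet targets from one source before calling it a scan
FLOW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)$")

def parse_flows(text):
    """Parse 'src dst dport' records; malformed lines are skipped rather than raising."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            flows.append((m.group(1), m.group(2), int(m.group(3))))
    return flows

def classify_hosts(flows, scan_threshold=SCAN_THRESHOLD):
    """Per source IP: count distinct Telnet targets and IRC peers, then give a verdict."""
    telnet, irc = defaultdict(set), defaultdict(set)
    for src, dst, port in flows:
        if port == TELNET_PORT:
            telnet[src].add(dst)
        elif port in IRC_PORTS:
            irc[src].add(dst)
    report = {}
    for src in set(telnet) | set(irc):
        scanning = len(telnet[src]) >= scan_threshold
        # A host that both sweeps Telnet and holds an IRC session matches the
        # scan-and-infest-while-talking-to-IRC-C&C pattern described above.
        verdict = ("telnet scan + IRC C&C" if scanning and irc[src]
                   else "telnet scan" if scanning
                   else "irc only" if irc[src] else "below threshold")
        report[src] = {"telnet_targets": len(telnet[src]),
                       "irc_peers": len(irc[src]), "verdict": verdict}
    return report
```

Hosts that never touch Telnet or IRC (192.0.2.20 here) do not appear in the report at all, and a handful of Telnet connections below the threshold is reported but not flagged.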
Cheap Linux/ARM tat will always ship with hard-coded Telnet passwords. There's no getting past that, so the only solution is for ISPs to port-block incoming Telnet by default.
You can run Telnet in your private network, or actually /shock/ configure SSH if that tat allows it, or contact your ISP if you want that block lifted.
Unpopular idea for some reason, but the security of the internet overweighs lip service to net neutrality.
Ban Linux from the Internet, that will cure the current DDOS hacking/phishing infestation. MalwareMustDie.org registered to 'Domain Privacy Group'. "ChinaZ is the PRC (Public Rep of China) actor's made Linux ELF DDoS malware and its service" ref. It's odd that a group of 'Chinese' state actors would refer to themselves as ChinaZ. It's a kind of big giveaway.
So what alternative would you suggest? Windows? $DEITY help us.
You ARE aware that the vast majority of machines running the backbone of the internet are running Linux, right? If you ban Linux, you pretty much wipe out the entire internet.
Also, the problem here isn't Linux, it's the shoddy security practices associated with the IoT. If you hard-code username: admin / password: password on a device, then it doesn't matter how watertight or hardened your OS code is, if you've used default login credentials. If you change the username and password (if the device will let you) then its security is as good as any other Linux box.
and so on and so forth. Is anybody really surprised? The genie is out of the bottle. As long as there are so many unsecured IoT devices out there, new nasties designed to exploit them will keep popping up. And with time they will get better and better, like their PC-based cousins before them. Right now we are seeing the first lower-budget/higher-risk groups getting into the game. Once the large malware actors get involved we'll start seeing the same kind of high-tech nasties we already see spreading around in the PC world. I doubt it'll be long before we see cross-platform nasties that can use both PCs and IoT devices.
Biting the hand that feeds IT © 1998–2020