back to article Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet

A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai's Security Intelligence and Response Team. In case an army of office phones firing off distributed denial of service (DDoS) attacks against individuals or critical …

  1. GNU Enjoyer
    Angel

    Ah yes that reminds me of Mitel's Copyright Infringement

    Mitel phones either run BusyBox/Linux or GNU/Linux in intentional violation of the free software licenses (as we can't have the customers having freedom can we)?

    Too bad so far I haven't been able to get my hands on any update files that are provably for a certain phone model or managed to do a NAND dump (they love TSOP-56 NANDs).

    I would love to be proved wrong and provided source code with installation information; "plus the scripts used to control compilation and installation of the executable." for all the models, although I'll take just the 5320e or 5330e - but as far as I can tell, that has never been provided to anyone.

    1. diodesign (Written by Reg staff) Silver badge

      I looked and....

      The firmware is available. A simple command reveals...

      $ strings 6869i.st | grep -i linux

      Uncompressing Linux to 0x

      linuxrc

      linux32

      linux64

      ld-linux.so.3

      1. GNU Enjoyer
        Angel

        Re: I looked and....

        It seems that Mitel now loginwalls the software downloads, but someone has re-uploaded the 68xx models software, including sufficient evidence at; http://185.247.33.107/Firmware/Mitel/

        Although, the 5320e software is not publicly available for download as the one download link I can find is dead.

        They use GNU/Linux and that's a lot of copyright infringement;

        strings 6869i.st |grep -i '\.so'

        libanl.so.1

        libbcm_crc32.so

        glibc.so.6

        libcsxsigmorph.so

        libdl.so.2

        flibecutils.so

        libhalaudio.so

        libnss_compat.so.2

        libnss_dns.so.2

        hlibnss_files.so.2

        libnss_nisplus.so.2

        libutil.so.1

        libdecx170v.so

        libidirectfbfont_dgiff.so

        libidirectfbimageprovider_dfiff.so

        libbcmringeth.so

        libdl.so.2

        iblog.so

        libm.so.6

        libthread_db.so.1

        libusrlog.so

        libidirectfbimageprovider_gif.so

        ld-linux.so.3

        ld.so.1

        libamxr.so

        libanl.so.1

        libbacklight.so

        libbcmringeth.so

        libbsc.so

        libbz2.so

        libbz2.so.1.0.4

        libbz2.so.1

        libcidn.so.1

        libcrc32.so

        libcrypt.so.1

        libcrypto.so

        libcrypto.so.0.9.8g

        libcrypto.so.0

        libcrypto.so.7

        libcrypto.so.0.9.8g

        libdl.so.2

        glibgcc_s.so.1

        libgpio.so

        libhalaudio.so

        libi2c.so

        libjpeg.so

        Ilibjpeg.so.62.0.0

        Zlibjpeg.so.62

        9tlibjpeg.so.62.0.0

        libjpeg.so.62.0.0

        liblog.so

        libm.so.6

        libmmdma.so

        libncurses.so.5

        libnsl.so.1

        libnss_compat.so.2

        libnss_dns.so.2

        hlibnss_files.so.2

        libnss_hesiod.so.2

        libnss_nis.so.2

        libnss_nisplus.so.2

        libota.so

        rlibpthread.so.0

        libresolv.so.2

        librt.so.1

        libssl.so.7

        rlibssl.so.7

        libstdc++.so.6

        libstrl.so

        1libthread_db.so.1

        libtinfo.so.5

        libutil.so

        libutil.so.1

        libvdecal.so

        libz.so

        libz.so.1

        libz.so.1.2.3

        libxt_standard.so

        libcap.so.2

        libdecx170h.so

        libdecx170m.so

        m5libdecx170v.so

        libdwlx170.so

        Z5vlibedit.so.0

        libpcap.so.0.9

        libpng12.so

        hlibpng12.so.0.24.0

        libpng12.so.0

        libpng12.so.0.24.0

        libppx170.so

        libx170j.so

  2. Herring` Silver badge

    We never had this problem

    when it was pulse dialling and racks of uniselectors.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like