[Cryptography] Anyone else seeing an uptick in infected IoT devices? New botnet?

John Levine johnl at iecc.com
Wed Dec 7 09:12:04 EST 2016


>Anybody else seeing this?  Is it a local effect or worldwide? Anybody
>know what's infecting them?

It's the open-sourced Mirai botnet.  Here it is on GitHub for your
convenience:

https://github.com/jgamblin/Mirai-Source-Code

>The reason why I'm wondering if it's mainly a local effect is because
>there doesn't seem to be any IP address that they're "phoning home" to
>and they're not doing DNS queries for any names.  Virtually all their
>Internet traffic is outbound.

The infected devices are visible from the public Internet through UPnP
or the like, and the malware just scans and telnets into them using
default credentials that the user cannot change.  If it wants to tell
them to do something, it telnets into them again.

More here:

https://www.symantec.com/connect/blogs/mirai-what-you-need-know-about-botnet-behind-recent-major-ddos-attacks

R's,
John
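
Added example, not part of the original message: a way for a network owner to spot the behaviour described above, a LAN device opening telnet connections to many outside addresses, in flow records. The LAN range, the threshold, the inclusion of port 2323 and the sample flows are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

TELNET_PORTS = {23, 2323}            # 2323 included as an assumed alternate telnet port
LAN = ip_network("192.168.1.0/24")   # assumed local network
FANOUT_THRESHOLD = 5                 # assumed: distinct outside targets per window


def build_sample_flows():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port)."""
    # A camera contacting eight different outside hosts on telnet ports in 8 seconds.
    flows = [(1000 + i, "192.168.1.50", f"198.51.100.{i + 1}", 23 if i % 4 else 2323)
             for i in range(8)]
    flows += [
        (1005, "192.168.1.10", "203.0.113.7", 443),  # ordinary web traffic
        (1010, "192.168.1.10", "203.0.113.9", 23),   # one outbound telnet session
        (1020, "192.168.1.10", "192.168.1.1", 23),   # LAN-internal telnet, ignored
    ]
    return flows


def find_telnet_scanners(flows, lan=LAN, window=60, threshold=FANOUT_THRESHOLD):
    """Return {src_ip: peak count of distinct outside telnet targets in one window}
    for LAN hosts whose peak reaches the threshold."""
    targets = defaultdict(set)  # (src, window bucket) -> distinct outside destinations
    for ts, src, dst, dport in flows:
        if dport not in TELNET_PORTS:
            continue
        # Only LAN sources talking to non-LAN destinations count as outbound.
        if ip_address(src) not in lan or ip_address(dst) in lan:
            continue
        targets[(src, ts // window)].add(dst)

    peak = {}
    for (src, _bucket), dsts in targets.items():
        peak[src] = max(peak.get(src, 0), len(dsts))
    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for host, n in find_telnet_scanners(build_sample_flows()).items():
        print(f"{host}: telnet attempts to {n} distinct outside hosts in one window")
```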

