Hackers use Twitter Card vulnerability and attack users
infosec

Hackers use Twitter Card vulnerability and attack users

Twitter was found with a new vulnerability, which could allow hackers to attack its users ...
Read More
infosec

Firefox 70 brings Lockwise password manager. Get ready for a lot of hacks!

Mozilla brings Lockwise password manager to Firefox 70, which is expected to be released on October 22. Firefox ...
Read More
inet infosec

Google buys random human data for just $ 5

Google is one of the world's largest technology companies and is constantly working on new, innovative projects. It employs a ...
Read More
infosec

How dangerous and frequent is an attack on RDP-enabled computers?

How long does it take for an attack on RDP-enabled computers? In some cases, a few minutes. In most, less than 24 hours. The...
Read More
infosec

Watchbog: Attacks on servers to "keep the internet safe"

Hackers are exploiting vulnerable Jira and Exim servers to infect them with a new variant of Watchbog Linux ...
Read More
Latest Posts

Echobot malware is a new version of Mirai!

If there is one thing that seems to end up with security issues, it's the malware writers who put their own bugs in the old Mirai malware and create a new botnet to haunt the IoT and business devices.

Echobot

It has not been a month since a big botnet emerged from nowhere and started massive attacks on smart devices - or using default credentials to take control of the device or by using farms for old security flaws that the owners of the devices did not fix.

New version of Mirai called Echobot

The latest variation in this long series of Mirai scourge is called Echobot. Since it appeared in mid-May, malware was first described by Palo Alto Networks in a report released in early June, and then a report by security researchers from Akamai last week.

The malware itself does not bring anything new to the actual Mirai source code, which is not surprising as the Mirai code has remained unchanged over the years.

Echobot malware follows the trend, but a malware writer added modules above the original Mirai source code.

When researchers from Palo Alto Networks first appeared in early June, Echobot used farms for 18 vulnerabilities. In the Akamai report, a week later, Echobot was at 26.

Targeting IoT devices and business applications

What I found to be the most interesting and not so odd is the inclusion of cross-application vulnerabilities, "said Larry Cashdollar, an Akamai threat researcher.

For example, instead of sticking to devices with built-in operating systems such as routers, cameras and DVRs, IoT botnets now use Oracle WebLogic and VMware SD-WAN vulnerabilities to infect targets and spread malware »continued.

This strange way of developing a botnet that uses irrelevant holdings is not unique to Echobot, but a process through which all IoT's botnet passes.

From the outside, malware writers seem to randomly select their holdings, but there is a process for their madness.

As some IoT writers have reported in the past, they start by choosing random farms, but only keep those that bring a large number of infected bots and reject those who are not working.

Farms are recycled via a botnet within a few days if they do not work. Therefore, the current Echobot holding arsenal can be seen as a list of the vulnerabilities that most bots offer, as well as a list that device owners and security vendors would like to take a look at as they provide a picture of the devices on which most attacks have been done.

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *