While tracking botnet activity on their honeypot traffic, security researchers at Chinese IT security firm Qihoo 360 Netlab discovered a new variant of Mirai—the well-known IoT botnet malware that wreaked havoc last year.
Last week, researchers noticed an increase in traffic scanning ports 2323 and 23 from hundreds of thousands of unique IP addresses in Argentina in less than a day.
The targeted port scans are actively looking for vulnerable internet-connected devices manufactured by ZyXEL Communications, using two default telnet credential combinations—admin/CentryL1nk and admin/QwestM0dem—to gain root privileges on the targeted devices.
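As an added illustration of the kind of spike the researchers describe (this is example code written for this article, not Netlab's or the article's own tooling): a small Python detector that counts distinct source IPs hitting the Telnet ports 23 and 2323 in constructed honeypot log lines and raises an alert when that count passes a threshold. The log line format, the sample addresses and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample of honeypot connection log lines (not real traffic).
# Assumed format: "<timestamp> <src_ip> -> <dst_port>"
SAMPLE_LOG = """\
2017-11-22T10:00:01 203.0.113.10 -> 23
2017-11-22T10:00:02 203.0.113.11 -> 2323
2017-11-22T10:00:03 203.0.113.12 -> 23
2017-11-22T10:00:03 203.0.113.10 -> 2323
2017-11-22T10:00:04 198.51.100.5 -> 80
2017-11-22T10:00:05 203.0.113.13 -> 2323
2017-11-22T10:00:06 203.0.113.14 -> 23
2017-11-22T10:00:07 203.0.113.11 -> 23
2017-11-22T10:00:08 198.51.100.6 -> 443
"""

# The two ports the Mirai variant was observed scanning.
TELNET_PORTS = {23, 2323}


def unique_sources_per_port(log_text, ports=TELNET_PORTS):
    """Return {port: set_of_source_ips} for connections to the watched ports."""
    sources = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->" or not parts[3].isdigit():
            continue  # skip malformed lines rather than crash on them
        src_ip, dst_port = parts[1], int(parts[3])
        if dst_port in ports:
            sources[dst_port].add(src_ip)
    return sources


def telnet_scan_alert(log_text, threshold):
    """Flag a scan wave when the number of distinct sources across the
    watched Telnet ports reaches the threshold (an assumed tuning value)."""
    sources = unique_sources_per_port(log_text)
    all_sources = set().union(*sources.values()) if sources else set()
    return {
        "per_port": {port: len(ips) for port, ips in sources.items()},
        "distinct_sources": len(all_sources),
        "alert": len(all_sources) >= threshold,
    }


if __name__ == "__main__":
    print(telnet_scan_alert(SAMPLE_LOG, threshold=5))
```

In production the threshold would be set against a baseline of normal Telnet probing for the sensor, and the window would be bounded by time rather than by the whole file.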
Researchers believe, and say they are “quite confident”, that this ongoing campaign is part of a new Mirai variant that has been upgraded to exploit a newly released vulnerability (identified as CVE-2016-10401) in ZyXEL PK5001Z modems.
“ZyXEL PK5001Z devices have zyad5001 as the su (superuser) password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP’s deployment of these devices),” the vulnerability description reads.
Mirai is the same IoT botnet malware that knocked major Internet companies offline last year by launching massive DDoS attacks against Dyn DNS, crippling some of the planet’s biggest websites, including Twitter, Netflix, Amazon, Slack, and Spotify.
Mirai-based attacks saw a sudden rise after someone publicly released its source code in October 2016. Currently, there are several variants of the Mirai botnet attacking IoT devices.
The biggest threat of having the source code of any malware in public is that it allows attackers to upgrade it with newly disclosed exploits according to their needs and targets.
“For an attacker who finds a new IoT vulnerability, it might be easy to incorporate it into the already existing Mirai code, thus releasing a new variant,” Dima Beckerman, security researcher at Imperva, told The Hacker News.
“Mirai spread itself using default IoT device credentials. The new variant adds more devices to this list. Still, we can’t know for sure what other alterations were implemented into the code. In the future, we might witness some new attack methods by Mirai variants.”
This is not the first time the Mirai botnet has targeted internet-connected devices manufactured by ZyXEL. Exactly a year ago, millions of Zyxel routers were found vulnerable to a critical remote code execution flaw, which was exploited by Mirai.
Secure Your (Easily Hackable) Internet-Connected Devices
1. Change Default Passwords for your connected devices: If you own any internet-connected device at home or work, change its default credentials. Keep in mind that Mirai malware scans for default settings.
2. Disable Remote Management through Telnet: Go into your router’s settings and disable remote management, specifically through Telnet, as this is a protocol used to allow one computer to control another from a remote location. It has also been used in previous Mirai attacks.
3. Check for Software Updates and Patches: Last but not least, always keep your internet-connected devices and routers up to date with the latest firmware updates and patches.