Software specialists have discovered a new malware capable of attacking and exploiting IoT devices. Since virus scanners detected similarities between the malware and the Mirai computer worm, and since it uses Google’s Go programming language, its discoverers named it BotenaGo.
BotenaGo:Potential for millions of targets
Alien Labs, a security division of the AT&T provider, found a program in its search for dangerous viruses that exploits up to 30 pre-existing vulnerabilities in systems to infiltrate IoT-enabled assets. The malware builds backdoors into inadequately secured infrastructure during its attack. These can then be used by botnets at any time to launch attacks on others. It is not yet clear who is behind this and how many networks have already been affected. However, investigations in the Shodan database have revealed that around two million devices could be affected.
BotenaGo: Only one in two virus scanners is effective
The problem is that not even half of the virus scanners in use are able to detect this attacker. Only 28 out of 61 protection programs report its infestation. Those that already detect it register integrated payment links that strongly resemble MiriBots. However, there are striking differences between the two forms in terms of the language used and the attack techniques. That is why experts consider it to be a new form of malware.
Mirai botnet: Internet attacks for hire
Mirai was discovered in 2016 as a Linux-based malware that enables the development of botnets. It can be used to initiate network overloads through coordinated distributed denial of service (DDOS) attacks. In doing so, it is constantly on the lookout on the Internet for loopholes in security systems in order to implement its programs there. Once the malware has infiltrated, it immediately goes in search of folder structures that lead it to scripts that can be attached to. If it doesn’t find any, it opens ports for backdoors to initiate attacks.
The hallmark of this botnet is that it is readily rented by hackers to launch large-scale attacks on third-party systems with little outsourced computing power. In 2016, 500,000 IoT devices were identified to have been affected. Currently, about 3 million are known to have involuntarily become part of these criminal structures. For example, one current network offers its services with about 50 000 compromised devices.
IoT security: With worms against viruses
The Mirai botnet became more widely known through high-profile DDOS attacks on game servers, IT journalists, telecommunications providers, and even entire states. Even globally operating large corporations like Amazon, Twitter and Spotify became targets, with the purpose of completely crippling them.
As a serious help against such digital assaults, some scientists recommend the use of computer worms, such as Nematode. This worm is capable of independently searching for vulnerable applications and changing the default passwords there. In this way, Mirai networks and their derivatives would no longer be able to simply dock on. However, because this approach is considered an intrusion technique and risks locking owners out of their own systems, it has not been widely adopted.
What remains is the analysts’ recommendation to always use the latest patches and updates, to make IoT devices and Linux interfaces on the normal Internet as less vulnerable as possible, to always keep an eye on one’s own network, and to watch out for unusual usage behavior.