Vulnerabilities / Threats

6/7/2018
10:00 AM

7 Variants (So Far) of Mirai

Mirai is an example of the newest trend in rapidly evolving, constantly improving malware. These seven variants show how threat actors are making bad malware worse.
6 of 8

OMG
The old saying goes, 'There's more than one way to skin a cat.' There's also more than one way to monetize a botnet, and the OMG Mirai variant takes a commercial tack that is far removed from the original.
Where all the variants of Mirai discussed so far were DDoS engines, OMG, just like the original, uses 3proxy, an open source proxy server, to turn any infected device into a proxy server that can then be used for a variety of purposes. OMG even goes so far as to check for, and rewrite, firewall rules to ensure that the ports used by the new proxy server can transit the network perimeter with no trouble.
OMG provides a network of proxy servers that can be rented out for use by a huge number of clients, whether they're looking for DDoS generators, a SPAM network, crypto-jacker scheme, or ransomware empire. No matter the demand, the OMG proxy network can provide the illicit proxy.
(Image: BeeBright VIA SHUTTERSTOCK)

OMG

The old saying goes, "There's more than one way to skin a cat." There's also more than one way to monetize a botnet, and the OMG Mirai variant takes a commercial tack that is far removed from the original.

Where all the variants of Mirai discussed so far were DDoS engines, OMG, just like the original, uses 3proxy, an open source proxy server, to turn any infected device into a proxy server that can then be used for a variety of purposes. OMG even goes so far as to check for, and rewrite, firewall rules to ensure that the ports used by the new proxy server can transit the network perimeter with no trouble.

OMG provides a network of proxy servers that can be rented out for use by a huge number of clients, whether they're looking for DDoS generators, a SPAM network, crypto-jacker scheme, or ransomware empire. No matter the demand, the OMG proxy network can provide the illicit proxy.

(Image: BeeBright VIA SHUTTERSTOCK)

6 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Locked device, Ha! I knew there was another way in.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2638
PUBLISHED: 2018-07-16
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name.
CVE-2017-7468
PUBLISHED: 2018-07-16
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was...
CVE-2018-13387
PUBLISHED: 2018-07-16
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or ...
CVE-2018-14071
PUBLISHED: 2018-07-16
The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.
CVE-2018-5229
PUBLISHED: 2018-07-16
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.