Vulnerabilities / Threats

6/7/2018
10:00 AM

7 Variants (So Far) of Mirai

Mirai is an example of the newest trend in rapidly evolving, constantly improving malware. These seven variants show how threat actors are making bad malware worse.
6 of 8

OMG
The old saying goes, 'There's more than one way to skin a cat.' There's also more than one way to monetize a botnet, and the OMG Mirai variant takes a commercial tack that is far removed from the original.
Where all the variants of Mirai discussed so far were DDoS engines, OMG, just like the original, uses 3proxy, an open source proxy server, to turn any infected device into a proxy server that can then be used for a variety of purposes. OMG even goes so far as to check for, and rewrite, firewall rules to ensure that the ports used by the new proxy server can transit the network perimeter with no trouble.
OMG provides a network of proxy servers that can be rented out for use by a huge number of clients, whether they're looking for DDoS generators, a SPAM network, crypto-jacker scheme, or ransomware empire. No matter the demand, the OMG proxy network can provide the illicit proxy.
(Image: BeeBright VIA SHUTTERSTOCK)

OMG

The old saying goes, "There's more than one way to skin a cat." There's also more than one way to monetize a botnet, and the OMG Mirai variant takes a commercial tack that is far removed from the original.

Where all the variants of Mirai discussed so far were DDoS engines, OMG, just like the original, uses 3proxy, an open source proxy server, to turn any infected device into a proxy server that can then be used for a variety of purposes. OMG even goes so far as to check for, and rewrite, firewall rules to ensure that the ports used by the new proxy server can transit the network perimeter with no trouble.

OMG provides a network of proxy servers that can be rented out for use by a huge number of clients, whether they're looking for DDoS generators, a SPAM network, crypto-jacker scheme, or ransomware empire. No matter the demand, the OMG proxy network can provide the illicit proxy.

(Image: BeeBright VIA SHUTTERSTOCK)

6 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
MarkSindone
50%
50%
MarkSindone,
User Rank: Apprentice
12/22/2018 | 1:30:53 AM
Under control
Malware, like technology, is constantly improving. There really isn't any particular one way that can totally diminish this entire threat for good. However, it is still in our best interests that we take note of them so as to know what to expect and how to handle and take them down for good using the correct methods. If we find out about them without knowing the counter measures to be put in place, then we might suffer even tougher consequences that might just be irreversible.
PaulChau
50%
50%
PaulChau,
User Rank: Apprentice
12/18/2018 | 2:59:56 AM
Beat the robots
It's scary to think that there are more than people trying to introduce hazards and dangers into our systems you know. These bots are so easily configured to attack from a different angle just by switching up a line or two of code! Security teams are really going to have to work hard to stay ahead of the game now!
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7715
PUBLISHED: 2019-03-26
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-c...
CVE-2019-8981
PUBLISHED: 2019-03-26
tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.
CVE-2019-10061
PUBLISHED: 2019-03-26
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
CVE-2019-7711
PUBLISHED: 2019-03-26
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addre...
CVE-2019-7712
PUBLISHED: 2019-03-26
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path contain...