Tag Archive for: Infecting

A vigilante is putting a huge amount of work into infecting IoT devices

Last week, Ars introduced readers to Hajime, the vigilante botnet that infects IoT devices before blackhats can hijack them. A technical analysis published Wednesday reveals for the first time just how much technical acumen went into designing and building the renegade network, which just may be the Internet’s most advanced IoT botnet.

As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR, or other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as “just a white hat, securing some systems.”

Not your father’s IoT botnet

But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and reliance that’s largely unparalleled in the IoT landscape. Wednesday’s technical analysis, which was written by Pascal Geenens, a researcher at security firm Radware, makes clear that the unknown person or people behind Hajime invested plenty of time and talent.

Technology Lab – Ars Technica

Court blocks American from suing Ethiopia for infecting his computer

An appeals court has barred an Ethiopian-born U.S. citizen from filing a civil suit against the African country, which allegedly infected his computer with spyware and monitored his communications.

The U.S. Court of Appeals for the District of Columbia Circuit ruled Tuesday that foreign states are immune from suit in a U.S. court unless an exception to the Foreign Sovereign Immunities Act (FSIA) applies.

The person, who is referred to in court documents by the pseudonym Kidane, was born in Ethiopia and lived there for 30 years before seeking asylum in the U.S. He lives in Maryland.

Network World Security

Upgraded Mirai botnet disrupts Deutsche Telekom by infecting routers

A new version of Mirai, the malware that has been enslaving poorly secured IoT devices, has found a new victim: vulnerable internet routers from Germany’s Deutsche Telekom.

The spread of the new strain of Mirai has caused internet connection problems for close to a million Deutsche Telekom customers, the company reported on Monday.

Deutsche Telekom blamed the disruption on the notorious malware, which has already been found infecting more than 500,000 internet-connected devices, including DVRs and surveillance cameras.

Network World Security

Beware of all-powerful DDoS malware infecting cellular gateways, feds warn

This week, the US government-backed ICS-CERT warned that the troubling new generation of computer attacks is powered by malware that can infect cellular modems used to connect automotive and industrial equipment to the Internet.

An advisory published Wednesday listed five industrial control devices manufactured by Sierra Wireless that are vulnerable to malware known as Mirai when default passwords that ship with the equipment aren’t changed on the gateways. The advisory referenced a separate notice from Sierra Wireless (PDF) that reported infections have succeeded against actual devices by connecting to the ACEmanager, a graphical interface used to remotely administer and configure them.

The Sierra Wireless post stated:

Technology Lab – Ars Technica