Mirai botnet leverages open source project Aboriginal Linux


Remember Mirai? The botnet used in a huge DDoS attack against the website of journalist Brian Krebs on September 20. According to a recent blog post from Symantec, Linux.Mirai variants continue to grow steadily with better build systems to support the infection of multiple platforms.

The last few years have been full of interesting happenings when it comes to the Internet of Things (IoT) threat landscape. “As it is, the IoT market is hugely fragmented and most of the devices do not receive software patches for the known vulnerabilities. To make things worse, the malware authors continue to evolve these variants, making the malware more powerful and portable across different platforms and architectures,” Dinesh Venkatesan from Symantec explained in the blog post.

Leveraging open-source project
What makes it interesting is the fact that the new variants have been created by leveraging an open-source project called Aboriginal Linux that makes the process of cross-compilation easy, effective, and practically fail-proof.

It should be noted that “there is nothing malicious or wrong with this open-source project, the malware authors are once again leveraging legitimate tools to supplement their creations, this time with an effective cross compilation solution,” added Venkatesan.

The resulting malware variants are more robust and compatible with multiple architectures, so they can run on a wide variety of devices: routers, IP cameras, other connected devices, and even Android devices.

Symantec offers the following tips to protect your IoT device from becoming infected with malware:

• Research the capabilities and security features of an IoT device before purchase.
• Perform an audit of IoT devices used on your network.
• Change the default credentials on devices. Use strong and unique passwords for device accounts and Wi-Fi networks.
• Use a strong encryption method when setting up Wi-Fi network access (WPA).
• Disable features and services that are not required.
• Disable Telnet login and use SSH where possible.
• Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary.
• Modify the default privacy and security settings of IoT devices according to your requirements and security policy.
• Disable or protect remote access to IoT devices when not needed.
• Use wired connections instead of wireless, where possible.
• Regularly check the manufacturer’s website for firmware updates.
• Ensure that a hardware outage does not result in an unsecure state of the device.
