Millions of IoT devices enlisted into DDoS bots with Bashlite malware

More than a million IoT devices have been ensnared in a botnet.
More than a million IoT devices have been ensnared in a botnet.

A family of malware targeting Internet of Things (IoT) devices to create distributed denial of service (DDoS) botnets has been detected by Level 3 Threat Research Labs working with Flashpoint.

The malware has a number of names – Lizkebab, Bashlite, Torlus, gafgyt – and its impact is far-ranging, according to the report.

The source code, first leaked in early 2015, is written in C, making it suitable for IoT devices based in Linux. Bad actors have already seeded more than a dozen iterations and a million devices have been enlisted in the bots, particularly active in Taiwan, Brazil and Colombia.

Most of the devices use components from Dahua Technology, a China-based manufacturer of surveillance equipment and software. Dahua was notified and is developing a patch.

"The security of IoT devices poses a significant threat," the researchers concluded. "Vendors of these devices must work to improve their security to combat this growing threat."
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS