Mirai malware family variants rack up exploit totals

A newly discovered variant of Echobot, an offshoot of the Mirai family of Internet of Things botnet malware, was found to contain a whopping 26 different exploits for infecting victim machines. This revelation is the latest in a string of research reports detailing Mirai-related malware with increasingly large exploit totals.

In a company blog post today, Akamai Technologies researcher Larry Cashdollar reported finding the new version of Echobot, which added exploits for AirOS, Asmax, DD-WRT, D-Link, Linksys, Seowon Intech, Yealink and Zeroshell products, on top of previously observed Echobot exploits for products from ADM, Asus, Belkin, Blackbot, Dell, Dreambox, Geutebruck, HooToo, Netgear, NUUO, Oracle, Realtek, SuperSign, UMotion, VeraLite, VMware, wePresent and WIFICAM.

Many of the exploits were of the remote code execution variety, Cashdollar noted.

"What I found the most interesting, and not so surprising, is the inclusion of cross-application vulnerabilities," Cashdollar wrote. "For example, rather than sticking to devices with embedded OSs like routers, cameras, and DVRs, IoT botnets are now using vulnerabilities in enterprise web (Oracle WebLogic) and networking software (VMware SD-WAN) to infect targets and propagate malware."

"Also of note is the inclusion of 10+ year old exploits for network devices that I believe may never have been patched by the vendors. This alludes to the botnet developers deliberately targeting unpatched legacy vulnerabilities," Cashdollar continued.

On June 6, Palo Alto Networks' Unit 42 threat intelligence team published research on a Mirai variant with 18 exploits, eight of which it said were new to the IoT bot at the time. And on May 24, Trend Micro reported on a Mirai variant featuring a unique combination of 13 exploits.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
