
Undercurrents | What is Mirai OMG? A new botnet variant

Published: 2018-2-28 22:54:46 Author: Source:

Since the developers behind the original Mirai released its source code in 2016, hackers have continued to tweak it to build their own creations.

By Hyacinth Mascarenhas
February 28, 2018 07:45 GMT

Security researchers have found a new variant of the infamous Mirai botnet that is designed to turn vulnerable IoT devices into proxy servers for various nefarious activities. According to FortiGuard Labs researchers, the botnet was dubbed "OMG" after the string "OOMGA", which appears in parts of the malware's source code where the name "Mirai" used to appear.

In 2016, the original Mirai botnet was used to take over hundreds of thousands of IoT devices worldwide and hit DNS provider Dyn with a massive distributed denial of service (DDoS) attack, taking down a large swathe of the internet in the process.


Since the developers behind Mirai publicly released the malware's source code later that year, numerous hackers have tweaked it to create their own modified versions for various illegal activities.

"Since the release of the source code of the Mirai botnet, FortiGuard Labs has seen a number of variations and adaptations written by multiple authors entering the IoT threat landscape," the researchers wrote in a blog post. "These modified Mirai-based bots differ by adding new techniques, in addition to the original telnet brute force login, including the use of exploits and the targeting of more architectures."

The latest OMG joins the growing Mirai family filled with variants such as Satori, Okiru, Masuta and more.

Mirai OMG adds and removes some configurations that were found in the original Mirai code, but still includes the original modules, including the attack, killer and scanner modules.

Therefore, OMG can perform several functions that the original Mirai could, such as killing processes, brute-forcing devices with weak passwords in order to spread, and carrying out DoS attacks.

Once an IoT device is infected, the malware attempts to establish contact with the C&C server and, once connected, sends a defined data message identifying the newly compromised device as a new bot. The server then analyses the data message and instructs the malware to perform one of three functions: turn the device into a proxy server, launch a DDoS attack through the bot, or terminate the connection.
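The two observable stages described above, a telnet brute-force login followed by the device relaying traffic for others, can be correlated on the defender's side from gateway logs. The following script is an added example written for this page; it is not Fortinet's code and not part of the article. The log format, the field names and the sample lines are constructed here, and the thresholds (five failed logins, five distinct outbound destinations) are illustrative assumptions rather than values the article gives.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the article or FortiGuard) in a hypothetical
# "timestamp src dst port event [extra]" format emitted by an IoT gateway.
SAMPLE_LOG = """\
2018-02-28T10:00:01 203.0.113.7 192.0.2.10 23 login_failed user=root
2018-02-28T10:00:02 203.0.113.7 192.0.2.10 23 login_failed user=admin
2018-02-28T10:00:03 203.0.113.7 192.0.2.10 23 login_failed user=root
2018-02-28T10:00:04 203.0.113.7 192.0.2.10 23 login_failed user=support
2018-02-28T10:00:05 203.0.113.7 192.0.2.10 23 login_failed user=admin
2018-02-28T10:00:06 203.0.113.7 192.0.2.10 23 login_ok user=admin
2018-02-28T10:05:00 192.0.2.10 198.51.100.1 443 connect
2018-02-28T10:05:01 192.0.2.10 198.51.100.2 80 connect
2018-02-28T10:05:02 192.0.2.10 198.51.100.3 443 connect
2018-02-28T10:05:03 192.0.2.10 198.51.100.4 25 connect
2018-02-28T10:05:04 192.0.2.10 198.51.100.5 443 connect
2018-02-28T10:05:05 192.0.2.10 198.51.100.6 8080 connect
2018-02-28T10:06:00 192.0.2.11 198.51.100.7 443 connect
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<port>\d+) (?P<event>\S+)(?: (?P<extra>.*))?$"
)


def parse_log(text):
    """Parse the constructed log format into an ordered list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ev = m.groupdict()
        ev["port"] = int(ev["port"])
        events.append(ev)
    return events


def find_telnet_bruteforce(events, fail_threshold=5):
    """Map each device that saw >= fail_threshold failed telnet (port 23) logins
    from one source, followed by a successful login from that same source, to
    (source, index of the successful login)."""
    failures = defaultdict(int)  # (src, dst) -> failed attempts so far
    compromised = {}
    for i, ev in enumerate(events):
        if ev["port"] != 23:
            continue
        key = (ev["src"], ev["dst"])
        if ev["event"] == "login_failed":
            failures[key] += 1
        elif ev["event"] == "login_ok" and failures[key] >= fail_threshold:
            compromised[ev["dst"]] = (ev["src"], i)
    return compromised


def outbound_fanout(events, host, start=0):
    """Distinct destinations `host` connected to, counting only events at or
    after index `start`. A camera or router normally talks to a handful of fixed
    endpoints; wide fan-out is one observable of a device relaying traffic."""
    return {
        ev["dst"]
        for ev in events[start:]
        if ev["src"] == host and ev["event"] == "connect"
    }


def correlate(events, fail_threshold=5, min_destinations=5):
    """Alert on devices brute-forced over telnet that afterwards show proxy-like fan-out."""
    alerts = []
    for device, (attacker, idx) in find_telnet_bruteforce(events, fail_threshold).items():
        dests = outbound_fanout(events, device, idx + 1)
        if len(dests) >= min_destinations:
            alerts.append(
                {"device": device, "bruteforced_from": attacker, "destinations": len(dests)}
            )
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_log(SAMPLE_LOG)):
        print(alert)
```

Only fan-out that occurs after the successful login counts, so a device that legitimately contacts many endpoints but was never brute-forced is not flagged; in the sample, 192.0.2.10 is reported and 192.0.2.11 is not.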

The Fortinet researchers believe the threat actors behind this new variant are likely selling access to the compromised servers to other cybercriminals.

"Cybercriminals use proxies to add anonymity when doing various dirty work such as cyber theft, hacking into a system, etc," researchers noted. "One way to earn money with proxy servers is to sell the access to these servers to other cybercriminals. This is what we think the motivation is behind this latest Mirai-based bot."

While the original Mirai was designed to carry out powerful DDoS attacks, the researchers note that many of the modifications made by hackers to the original code have been intended to illegally earn money.

"Later modifications were used to target vulnerable ETH mining rigs to mine cryptocurrency," researchers said. "This is the first time we have seen a modified Mirai capable of DDoS attacks as well as setting up proxy servers on vulnerable IoT devices. With this development, we believe that more and more Mirai-based bots are going to emerge with new ways of monetisation."
