Mirai has boosted its distribution for DDoS attacks again.
Mirai, the biggest IoT-based malware threat that emerged last year, made vast parts of the internet unreachable in October last year by launching massive distributed denial-of-service (DDoS) attacks against the popular DNS provider Dyn.
It is a malicious program for Linux-based IoT devices. It scans for insecure IoT devices, takes them over using their factory default credentials, enrolls them in a botnet, and then uses that botnet to launch DDoS attacks.
Statement – Researchers from Russian cyber-security firm Dr.Web have now uncovered a Windows-based trojan that is being used to spread Mirai to more devices.
Working Of Mirai
The new Windows-based version of the Mirai trojan scans the user’s network for compromisable Linux-based connected devices. Once installed on a Windows computer, the trojan connects to its command-and-control server and downloads a config file containing a bulk list of IP addresses, against which it attempts authentication over several ports such as 22 (SSH), 23 (Telnet), 445, 1433, 3306 and 3389. Once a machine is compromised, the trojan spreads itself to other Windows computers, giving the attackers more computers to take over and use to carry out DDoS attacks.
The researchers also found that Mirai can compromise database services running on Windows computers on various ports, including MySQL and Microsoft SQL, to create a new admin “phpminds” with the password “phpgodwith,” allowing attackers to grab the database.
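A defender's view of the behaviour described above, as an added example that is not from Dr.Web or the original article: it flags internal hosts that contact many distinct addresses on the listed ports and checks a database user list for the "phpminds" account. The flow-record format, the thresholds, the function names and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Ports the article lists for the trojan's authentication attempts.
SPREADER_PORTS = {22, 23, 445, 1433, 3306, 3389}
IOC_DB_ACCOUNT = "phpminds"  # admin account name reported in the article

# Constructed sample flow records (assumed format): "time src dst dst_port".
SAMPLE_FLOWS = """\
2017-02-10T10:00:01 10.0.0.15 192.0.2.10 23
2017-02-10T10:00:01 10.0.0.15 192.0.2.11 22
2017-02-10T10:00:02 10.0.0.15 192.0.2.12 445
2017-02-10T10:00:02 10.0.0.15 192.0.2.13 1433
2017-02-10T10:00:03 10.0.0.15 192.0.2.14 3306
2017-02-10T10:00:03 10.0.0.15 192.0.2.15 3389
2017-02-10T10:05:00 10.0.0.20 192.0.2.50 22
2017-02-10T10:06:00 10.0.0.20 192.0.2.50 3389
2017-02-10T10:07:00 10.0.0.30 192.0.2.60 443
malformed line
"""

def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[1], parts[2], int(parts[3])

def find_sweepers(flows, min_targets=5, min_ports=3):
    """Map each source that fans out across the listed ports to
    (distinct target count, sorted ports). Thresholds are assumptions."""
    targets, ports = defaultdict(set), defaultdict(set)
    for src, dst, port in flows:
        if port in SPREADER_PORTS:
            targets[src].add(dst)
            ports[src].add(port)
    return {s: (len(targets[s]), sorted(ports[s])) for s in targets
            if len(targets[s]) >= min_targets and len(ports[s]) >= min_ports}

def suspicious_db_accounts(accounts):
    """Return account names matching the reported name, case-insensitively."""
    return [a for a in accounts if a.lower() == IOC_DB_ACCOUNT]

if __name__ == "__main__":
    for host, (n, p) in find_sweepers(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{host}: {n} targets on ports {p}")
    print(suspicious_db_accounts(["root", "phpminds", "app"]))
```

An administrator who reaches one server over SSH and RDP (10.0.0.20 in the sample) stays below both thresholds, so only the host sweeping many addresses across several of the listed ports is reported.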