Remaiten
Remaiten is malware which infects Linux on embedded systems by brute forcing using frequently used default username and passwords combinations from a list in order to infect a system.[1]
Aliases | Remaiten |
---|---|
Operating system(s) affected | Linux |
Remaiten combines the features of the Tsunami and LizardStresser (aka Torlus) malware families.[2] The command and control for Remaiten are handled by IRC communications. Additionally the command and control is done by an actual IRC channel rather than only the IRC protocol. This is an improvement over bots such as Tsunami and Torlus making Remaiten a greater threat than both combined.[3]
To avoid detection, Remaiten tries to determine the platform of a device to download the architecture-appropriate component from the command & control server.[4]
Once Remaiten infects a device it is able to perform actions such as launching distributed denial of service attacks or download more malware on a device.[5] Remaiten is able to scan and remove competing bots on a system compromised by it.[6]
References
- "New Remaiten Malware Builds Botnet of Linux-Based Routers". securityweek.com. March 30, 2016. Retrieved 6 November 2016.
- Paganini, Pierluigi (March 31, 2016). "The Linux Remaiten malware is building a Botnet of IoT devices". securityaffairs.co. Retrieved 6 November 2016.
- Cimpanu, Catalin (Mar 31, 2016). "Remaiten Is a New DDoS Bot Targeting Linux-Based Home Routers". Softpedia. Retrieved 6 November 2016.
- Malik, Michal (30 Mar 2016). "Meet Remaiten – a Linux bot on steroids targeting routers and potentially other IoT devices". Retrieved 6 November 2016.
- Abel, Robert (March 30, 2016). "Remaiten Linux bot combines malware features to target weak credentials". www.scmagazine.com. scmagazine.com.
- "Your Linux-based home router could succumb to a new Telnet worm, Remaiten". computerworld.com. March 31, 2016. Retrieved 9 November 2016.