IoT malware wipes data from infected systems

08 Apr 2017

1

Hackers have started incorporating data-wiping routines to malware that is designed to infect internet-of-things and other embedded devices. The behaviour was seen in two recent attacks but likely for different purposes.

Researchers from Palo Alto Networks identified a new malware program called Amnesia that infects digital video recorders through a year-old vulnerability.

Amnesia is a variation of an older IoT botnet client called Tsunami, but what made it interesting is that it attempted to detect whether it was running inside a virtualised environment.

The malware conducts a number of checks to determine whether the Linux environment it ran in was actually a virtual machine based on VirtualBox, VMware, or QEMU. Such environments had been  used by security researchers to build analysis sandboxes or honeypots.

Virtual machine detection had been a part of Windows malware programs for years, but this was the first time when the feature had been observed in malware built for Linux-based embedded devices. In case Amnesia detected the presence of a virtual machine it would attempt to wipe critical directories from the file system using the Linux "rm -rf" shell command so as to destroy any evidence they might have collected.

Meanwhile, researchers from Radware, a security services provider discovered a different malware attack, targeting IoT devices, that they had dubbed BrickerBot. BickerBot worked thorough compromised routers and wireless access points against other Linux-based embedded devices.

Meanwhile Radware says in article on its site:

The Bricker Bot PDoS attack used Telnet brute force - the same exploit vector used by Mirai - to breach a victim's devices. Bricker does not try to download a binary, so Radware does not have a complete list of credentials that were used for the brute force attempt, but were able to record that the first attempted username/password pair was consistently 'root'/'vizxv.'

Upon successful access to the device, the PDoS bot performed a series of Linux commands that would ultimately lead to corrupted storage, followed by commands to disrupt Internet connectivity, device performance, and the wiping of all files on the device.

Business History Videos

History of hovercraft Part 3 | Industry study | Business History

History of hovercraft Part 3...

Today I shall talk a bit more about the military plans for ...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of hovercraft Part 2 | Industry study | Business History

History of hovercraft Part 2...

In this episode of our history of hovercraft, we shall exam...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Hovercraft Part 1 | Industry study | Business History

History of Hovercraft Part 1...

If you’ve been a James Bond movie fan, you may recall seein...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Trams in India | Industry study | Business History

History of Trams in India | ...

The video I am presenting to you is based on a script writt...

By Aniket Gupta | Presenter: Sheetal Gaikwad

view more
View details about the software product Informachine News Trackers