Jump to content

Remaiten

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by FockeWulf FW 190 (talk | contribs) at 16:52, 15 November 2016 (See also: added another item to list). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Remaiten is a Malware which infects Linux on embedded systems by brute forcing using frequently used default username and passwords combinations from a list in order to infect a system.[1]

Remaiten combines the features of the Tsunami and LizardStresser (aka Torlus) malware families.[2] The command and control for Remaiten are handled by IRC communications. Additionally the command and control is done by an actual IRC channel rather than only the IRC protocol. This is an improvement over bots such as Tsunami and Torlus making Remaiten a greater threat than both combined.[3]

In order to make it less likely to be detected Remaiten tries to determine the platform of a device and only upload the appropriate downloader to download the architecture-appropriate Remaiten bot from the command & control server.[4]

Once Remaiten infects a device it is able to perform actions such as launching distributed denial of service attacks or download more malware on a device.[5] Remaiten is able to scan and remove competing bots on a system compromised by it.[6]

See also

References

  1. ^ "New Remaiten Malware Builds Botnet of Linux-Based Routers". securityweek.com. March 30, 2016. Retrieved 6 November 2016.
  2. ^ Paganini, Pierluigi (March 31, 2016). "The Linux Remaiten malware is building a Botnet of IoT devices". securityaffairs.co. Retrieved 6 November 2016.
  3. ^ Cimpanu, Catalin (Mar 31, 2016). "Remaiten Is a New DDoS Bot Targeting Linux-Based Home Routers". Softpedia. Retrieved 6 November 2016.
  4. ^ Malik, Michal (30 Mar 2016). "Meet Remaiten – a Linux bot on steroids targeting routers and potentially other IoT devices". Retrieved 6 November 2016.
  5. ^ Abel, Robert (March 30, 2016). "Remaiten Linux bot combines malware features to target weak credentials". www.scmagazine.com. scmagazine.com.
  6. ^ "Your Linux-based home router could succumb to a new Telnet worm, Remaiten". computerworld.com. March 31, 2016. Retrieved 9 November 2016.