A threat but no file

Tuesday, July 18, 2017

We usually think of viruses and Trojans as files, even those in the so-called "bodiless" category, because in the course of an infection they still write or download data. How else could they persist after a system restart? But do criminals really need a file in order to commit unlawful acts?

The news about BrickerBot may not have caused a stir in the media, but it definitely didn't go unnoticed.

This malicious program is equipped with a list of factory default logins and passwords. If an owner of a targeted device hasn't changed their default account information, the malware will be able to log in and execute commands in Linux.

BrickerBot is quite different from other malware for IoT devices because it doesn't connect compromised nodes into botnets to channel malicious traffic or mount DDoS attacks. As of now, it's not quite clear how its makers benefit from bricking attacked devices.

BrickerBot.2 is a more complex strain and can run more commands. During attacks involving BrickerBot.2, assailants use Tor exit nodes, so tracking an attack’s source becomes impossible.

The attackers may even be some kind of vigilante group pursuing a noble cause: drawing attention to IoT security problems.

http://www.securitylab.ru/news/485811.php

So much for the myth that criminals conduct their business honestly and let victims whose devices have been infected recover their data, or that they offer additional services and technical support. Here, just like in the good old days, malware simply ruins everything indiscriminately.

Meanwhile, the original threat description doesn't clearly indicate whether the devices actually get infected with anything or whether all the commands are simply issued remotely. The screenshots showing how commands are executed on an attacked device are particularly interesting.

[Screenshot: BrickerBot]

https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/

Competent Linux users will instantly notice that the commands make use of standard system utilities. That means everything attackers need to commit a crime is already "on board"!

Thus we face a threat that few people care to understand. People regard an anti-virus as a panacea, but anyone who gains remote access to a machine will use legitimate system utilities to perform their tasks. None of those utilities is malicious, and there is no reason to block their operation.
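Since the utilities themselves cannot be blocked, the practical defence is to watch for the two things the article describes: a login to a factory-default account (often right after a short walk through a credential list from the same address) and the use of an ordinary utility against a raw storage device in that session. The following is an added example, not code from Doctor Web or from the BrickerBot reports; the log format, the field names, the session identifiers and the sample log lines are all constructed assumptions, and the list of default account names is a placeholder to be replaced with the vendor's own defaults.

```python
"""Detection sketch for default-credential logins followed by destructive use
of standard utilities. Added example; log formats and sample data are constructed."""
import re
from collections import defaultdict

# Placeholder list of factory-default account names (assumption; use the device
# vendor's real defaults in practice).
DEFAULT_ACCOUNTS = {"admin", "root", "user", "support"}

# Legitimate utilities are not flagged on their own; only the combination of a
# tool and a raw block/flash device as its write target is treated as destructive.
DESTRUCTIVE_PATTERNS = [
    re.compile(r"\bdd\b.*\bof=/dev/"),                 # dd writing to a raw device
    re.compile(r">\s*/dev/(mtd|mmcblk|sd)\w*"),        # shell redirection into a raw device
]

# Hypothetical login-daemon log line format (constructed for this example).
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<daemon>\w+)\[\d+\]: login (?P<result>ok|failed) "
    r"user=(?P<user>\S+) from=(?P<src>\S+)(?: session=(?P<session>\S+))?$"
)

# Constructed sample input: a credential-list walk ending in a successful
# default-account login (session s17), and an unrelated admin session (s18).
AUTH_LOG = """\
2017-07-18T10:01:02Z telnetd[412]: login failed user=root from=198.51.100.7
2017-07-18T10:01:03Z telnetd[412]: login failed user=admin from=198.51.100.7
2017-07-18T10:01:04Z telnetd[412]: login ok user=admin from=198.51.100.7 session=s17
2017-07-18T10:05:00Z sshd[501]: login ok user=ops from=10.0.0.5 session=s18
"""
SESSION_LOG = """\
s17 busybox dd if=/dev/urandom of=/dev/mtdblock0
s17 sync
s18 ls -la /var/log
s18 dd if=/dev/zero of=/tmp/test.img bs=1M count=10
"""


def parse_auth(text):
    """Parse login events; lines that do not match the assumed format are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def default_credential_logins(events):
    """Successful logins to a default account, with the count of failed attempts
    from the same source immediately before them (a credential-list walk)."""
    failures = defaultdict(int)
    hits = []
    for ev in events:
        src = ev["src"]
        if ev["result"] == "failed":
            failures[src] += 1
            continue
        if ev["user"] in DEFAULT_ACCOUNTS:
            hits.append({"session": ev["session"], "user": ev["user"],
                         "src": src, "failed_before": failures[src]})
        failures[src] = 0  # a successful login ends the failure streak
    return hits


def destructive_commands(session_text):
    """Commands (per session) that aim a standard utility at a raw device."""
    out = []
    for line in session_text.splitlines():
        session, _, cmd = line.strip().partition(" ")
        if cmd and any(p.search(cmd) for p in DESTRUCTIVE_PATTERNS):
            out.append({"session": session, "command": cmd})
    return out


def analyze(auth_text, session_text):
    """Combine both signals: a destructive command inside a session that was
    opened with default credentials is rated high, either signal alone medium."""
    logins = {h["session"]: h
              for h in default_credential_logins(parse_auth(auth_text))}
    alerts = []
    for h in logins.values():
        alerts.append({"severity": "medium", "session": h["session"],
                       "reason": f"login to default account '{h['user']}' from "
                                 f"{h['src']} after {h['failed_before']} failures"})
    for c in destructive_commands(session_text):
        sev = "high" if c["session"] in logins else "medium"
        alerts.append({"severity": sev, "session": c["session"],
                       "reason": f"destructive use of a system utility: {c['command']}"})
    return alerts


if __name__ == "__main__":
    for a in analyze(AUTH_LOG, SESSION_LOG):
        print(a["severity"].upper(), a["session"], a["reason"])
```

The `dd` in session s18 writes to a file under `/tmp`, so it produces no alert: the rule keys on the write target, not on the utility, which is exactly why an anti-virus that judges files cannot help here and a log-based control can.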

Something similar has already happened. An encryption ransomware strain for Linux (Linux.Encoder.1 under the Dr.Web classification system) used a standard encryption utility. However, the utility was launched using a script whose execution could be blocked.

"Generals always prepare for the past war", Winston Churchill once said. In the case of information security, the situation is somewhat better for we are prepared to wage the current war. But are we prepared to face threats we’ve not considered properly?

#vulnerability, #Linux

The Anti-virus Times recommends

  1. Use strong passwords and change them regularly.
  2. If you don't access your system remotely, disable this feature.
  3. Disable services you don’t use.
  4. Clean your system of unused files and components. The less redundant software there is in a system, the fewer ways there are for criminals to sneak in.
  5. On Windows computers, always use only Dr.Web Security Space. The preventive protection can even respond to threats no one knows about, even if no information about a file is available.
