BrickerBot malware kills open IoT devices

By on
BrickerBot malware kills open IoT devices

"Phlashing" causes permanent denial of service.

A new strain of malware is infecting and permanently damaging unsecured internet of things devices instead of enrolling them in distributed denial of service networks, researchers have found.

Two variants of the so-called BrickerBot malware have been spotted by security vendor Radware since March 20 attempting to perform phlashing, or permanent denial of service (PDoS) attacks, against IoT devices.

The security vendor said BrickerBot's honeypot recorded 1895 PDoS attempts by the first variant and 333 by the second. In both cases, the BrickerBots hide their network origin by using The Onion Router (TOR) egress nodes.

BrickerBot utilises the same exploit vector as the damaging Mirai worm. It attempts to access systems through the telnet remote access port, trying to guess the device administration credentials to log into it.

If BrickerBot succeeds, it issues a series of Linux shell commands to permanently damage the storage of the IoT device, Radware said.

The storage corruption is followed by further commands to disrupt the internet connection for the device, degrade its peformance and ultimately wipe all data on it, rendering it unusuable.

Radware said the first version of BrickerBot is no longer performing PDoS attacks, but the second variant is still active and better concealed through TOR egress nodes.

The security vendor did not say who it suspects is behind the worm or why it seeks to brick devices.

Radware advised customers with IoT devices to change the default credentials and disable telnet access.

The malware could be the work of a vigilante coder, seeking to close IoT devices used in denial of service attacks.

In 2003, the Welchia/Nachi worm spread throughout the world, attacking computers through a vulnerability in the Windows remote procedure call service. 

Welchia/Nachi searched for and deleted the Blaster worm which also spread via the RPC vulnerability, and would delete itself after 120 days of processing, or on January 1 2004, whichever came first.

This resulted in it being seen as a friendly or vigilante worm among some observers, but security vendors slammed Welchia/Nachi as a serious threat to enterprises.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
brickerbot iot malware mirai security
In Partnership With

Most Read Articles

Telstra, Optus and Vodafone temporarily block websites after Christchurch attack

Telstra, Optus and Vodafone temporarily block websites after Christchurch attack
Telstra and Optus secure round four mobile blackspot sites

Telstra and Optus secure round four mobile blackspot sites
Millennials might swipe, can't screw: Bunnings boss nails omnichannel

Millennials might swipe, can't screw: Bunnings boss nails omnichannel
Govt to spend $220m on mobile, co-fund NBN area switches

Govt to spend $220m on mobile, co-fund NBN area switches
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

How Macquarie University has prepared for fire and flood
How Macquarie University has prepared for fire and flood
Guide to Fully-Composable Software-Defined Private Cloud
Guide to Fully-Composable Software-Defined Private Cloud
Is slow data silently killing your business? Here's why you should care.
Is slow data silently killing your business? Here's why you should care.
Cloud, AI, infosec: Is your IT strategy keeping up?
Cloud, AI, infosec: Is your IT strategy keeping up?
Australian business moves to a new cloud era
Australian business moves to a new cloud era

Events

Log In

Username / Email:
Password:
  |  Forgot your password?