ESET researchers have spotted a new variant of malware, dubbed Remaiten, which combines different features from other families of malware and uses a unique method of distribution.
The Linux bot performs telnet scans, which are user command and an underlying TCP/IP protocol for accessing remote computers, to search for embedded systems including routers, gateways, wireless access points, and potentially internet of thing devices (IoT) that use default or weak credentials, ESET Malware Researcher Marc-Étienne Léveillé told SCMagazine.com.
Once a vulnerable device is found, Remaiten will send a small executable file, dubbed the Remaiten downloader, to the remote device via telnet to fetch the full Remaiten IRC bot malware from the remote command and control server, Léveillé said.
Source: http://www.scmagazine.com/remaiten-linux-bot-uses-a-unique-method-of-distribution/article/486416/
Submitted by: Arnfried Walbrecht
Comments are closed.