Threat analysts from ESET have discovered a new malicious program targeting routers running Linux. The threat can also spread to Internet of Things (IoT) devices running the same operating system.
Linux/Remaiten tries to log in to the device and, after a successful attempt, loads a malicious program onto it. The many devices infected in this way form a botnet, a network of computers that carries out cybercriminals' commands. The purpose of this network of infected devices is to carry out DDoS attacks on servers on the network.
The threat attempts to connect to random IP addresses, and if the connection succeeds, Linux/Remaiten tries to guess the device's login credentials (Telnet). After logging in to the router, the threat downloads a malicious program that joins the device to the resulting botnet. The network of infected computers can then carry out the cybercriminals' commands. Most often these consist of flooding (sending a huge number of packets at very short intervals), downloading and running files, or scanning the network for more devices in order to log in to them and then infect them. The essential function of the resulting botnet, however, is to carry out DDoS attacks on servers on the network.
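A defender-side illustration of the scanning behavior described above, added here as an example and not taken from ESET's analysis: it flags hosts on a monitored network that open Telnet (TCP/23) connections to many distinct addresses within a short window, which is how an infected router looks while it searches for new devices. The flow-record format, the thresholds and the addresses are constructed assumptions.

```python
from collections import defaultdict, deque

TELNET_PORT = 23

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 192.0.2.10 198.51.100.7 23
1001 192.0.2.10 203.0.113.45 23
1002 192.0.2.10 198.51.100.200 23
1003 192.0.2.10 203.0.113.9 23
1004 192.0.2.10 198.51.100.31 23
1005 192.0.2.20 198.51.100.7 443
1006 192.0.2.30 198.51.100.7 23
1400 192.0.2.30 198.51.100.7 23
1401 192.0.2.30 198.51.100.8 23
"""

def parse_flows(text):
    """Yield (ts, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_telnet_scanners(flows, window=60, min_targets=5):
    """Return {src: max distinct Telnet destinations seen in any window}
    for sources that reach min_targets within `window` seconds."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs, oldest first
    flagged = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != TELNET_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:   # drop entries outside the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    for src, n in find_telnet_scanners(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src}: {n} distinct Telnet targets within 60s")
```

A host that repeatedly reaches the same Telnet server, such as 192.0.2.30 in the sample, is not flagged because the count is over distinct destinations.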
The new threat, Linux/Remaiten, combines the capabilities of two earlier Trojans: Tsunami (also known as Kaiten) and Gafgyt. It adds some improvements, however, including the ability to recognize the device's hardware architecture (ARM, MIPS). So far, ESET threat analysts have identified three new versions of this threat.