Remaiten, the malware that attacks Linux


It targets network equipment such as routers, gateways and wireless access points, and potentially also IoT devices running Linux.

There is a new and more powerful version of Kaiten, malware that is controlled via Internet Relay Chat (IRC) and usually used to carry out DDoS (Distributed Denial of Service) attacks, ESET says in a statement. The reworked malware has been dubbed Linux/Remaiten and targets network equipment such as routers, gateways and wireless access points, and potentially also IoT devices running Linux operating systems.

Researchers have so far identified three variants of Linux/Remaiten, labelled versions 2.0, 2.1 and 2.2. Based on analysis of the code, the main novelty of this version is its sophisticated spreading mechanism: building on the basic telnet scanning of Linux/Gafgyt, Linux/Remaiten improves the spreading mechanism and successfully delivers its executable binary code to network equipment such as routers and other connected devices, trying in particular to hit those protected by weak credentials. The job of the downloader component, which is built into the bot binary itself, is to request the Linux/Remaiten bot binary from its command and control server. When that binary is executed, it creates another bot that criminals can then use. Researchers have noted that this technique had already been used by Linux/Moose to spread infections.
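As an added example (not taken from ESET's report or from the original article), the following Python code correlates the stages described above from a defender's side: a device accepts telnet from outside, then contacts a destination it has never used before, then opens an IRC session. The flow record format, the LAN range, the port numbers, the time window and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): the LAN range, the ports used to
# recognise telnet and IRC, and the 10-minute correlation window.
LAN = ip_network("192.168.0.0/16")
TELNET_PORT = 23
IRC_PORTS = {6667, 6697}
WINDOW = 600  # seconds

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    (900,  "192.168.1.20", "198.51.100.7", 443),  # camera's usual cloud host
    (1000, "192.168.1.1", "198.51.100.7", 443),   # router's usual update host
    (2000, "203.0.113.50", "192.168.1.1", 23),    # inbound telnet from outside
    (2030, "192.168.1.1", "203.0.113.99", 8080),  # new destination afterwards
    (2060, "192.168.1.1", "203.0.113.99", 6667),  # outbound IRC session
    (3000, "203.0.113.50", "192.168.1.20", 23),   # telnet to camera, no follow-up
    (3500, "192.168.1.20", "198.51.100.7", 443),  # camera keeps its baseline
]

def is_internal(ip):
    return ip_address(ip) in LAN

def find_suspect_devices(flows, window=WINDOW):
    """Return {device: [reasons]} for devices that accept telnet from outside
    and then, within `window` seconds, contact a never-seen host or use IRC."""
    seen = defaultdict(set)   # device -> external destinations contacted so far
    last_telnet = {}          # device -> time of latest telnet from outside
    findings = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        if is_internal(dst) and not is_internal(src) and port == TELNET_PORT:
            last_telnet[dst] = ts
        elif is_internal(src) and not is_internal(dst):
            recent = src in last_telnet and ts - last_telnet[src] <= window
            if recent and dst not in seen[src]:
                findings[src].append(f"new destination {dst}:{port}")
            if recent and port in IRC_PORTS:
                findings[src].append(f"IRC to {dst}:{port}")
            seen[src].add(dst)
    return dict(findings)

if __name__ == "__main__":
    for device, reasons in find_suspect_devices(SAMPLE_FLOWS).items():
        print(device, "->", "; ".join(reasons))
```

A hit only means the device deserves a closer look; disabling telnet on the WAN side and replacing weak credentials address the entry point the article describes.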

It is curious, ESET says in the report, that this variant of the malware includes, within its welcome message, a message intended for anyone trying to neutralize the threat: version 2.0 directly quotes malwaremustdie.org, which has published detailed information on Gafgyt, Tsunami and other members of this malware family.
