      Linux devices are under attack by a never-before-seen worm

      news.movim.eu / ArsTechnica · Wednesday, 10 January - 16:12 · 1 minute

    For the past year, previously unknown self-replicating malware has been compromising Linux devices around the world and installing cryptomining malware that takes unusual steps to conceal its inner workings, researchers said.

    The worm is a customized version of Mirai, the botnet malware that infects Linux-based servers, routers, Web cameras, and other so-called Internet-of-things devices. Mirai came to light in 2016 when it was used to deliver record-setting distributed denial-of-service attacks that paralyzed key parts of the Internet that year. The creators soon released the underlying source code, a move that allowed a wide array of crime groups from around the world to incorporate Mirai into their own attack campaigns. Once taking hold of a Linux device, Mirai uses it as a platform to infect other vulnerable devices, a design that makes it a worm, meaning it self-replicates.

    Dime-a-dozen malware with a twist

    Traditionally, Mirai and its many variants have spread when one infected device scans the Internet looking for other devices that accept Telnet connections. The infected devices then attempt to crack the Telnet password by guessing default and commonly used credential pairs. When successful, the newly infected devices target additional devices using the same technique. Mirai has primarily been used to wage DDoSes. Given the large amounts of bandwidth available to many such devices, the floods of junk traffic are often huge, giving the botnet as a whole tremendous power.

      Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet

      news.movim.eu / ArsTechnica · Wednesday, 22 November - 19:35 · 1 minute

    Miscreants are actively exploiting two new zero-day vulnerabilities to wrangle routers and video recorders into a hostile botnet used in distributed denial-of-service attacks, researchers from networking firm Akamai said Thursday.

    Both of the vulnerabilities, which were previously unknown to their manufacturers and to the security research community at large, allow for the remote execution of malicious code when the affected devices use default administrative credentials, according to an Akamai post. Unknown attackers have been exploiting the zero-days to compromise the devices so they can be infected with Mirai, a potent piece of open source software that makes routers, cameras, and other types of Internet of Things devices part of a botnet that’s capable of waging DDoSes of previously unimaginable sizes.

    Akamai researchers said one of the zero-days under attack resides in one or more models of network video recorders. The other zero-day resides in an “outlet-based wireless LAN router built for hotels and residential applications.” The router is sold by a Japan-based manufacturer, which “produces multiple switches and routers.” The router feature being exploited is “a very common one,” and the researchers can’t rule out the possibility it’s being exploited in multiple router models sold by the manufacturer.

      « Allô Paris ? Ici Moscou »: the inner workings of Russian propaganda revealed in an investigation

      news.movim.eu / Numerama · Wednesday, 8 November - 11:40

    Four years of investigation condensed into a paperback to understand how Russia manages to infiltrate and influence the French media landscape. Nicolas Quénel reveals in turn the approaches made to YouTubers, the hiring of spies, and the concern of the Ministry of Defence.

    Subscribe to the Numerama newsletters to receive the essential news of the day https://www.numerama.com/newsletter/

      Unkillable: the malicious Qakbot network continues to claim victims despite its takedown

      news.movim.eu / Numerama · Friday, 6 October - 12:03

    The Qakbot botnet, a malicious network used to launch phishing campaigns, is still active despite an operation by law enforcement from seven countries, including France, to neutralize it.

      Crypto botnet on X is powered by ChatGPT

      news.movim.eu / ArsTechnica · Tuesday, 22 August, 2023 - 13:21

    ChatGPT may well revolutionize web search, streamline office chores, and remake education, but the smooth-talking chatbot has also found work as a social media crypto huckster.

    Researchers at Indiana University Bloomington discovered a botnet powered by ChatGPT operating on X—the social network formerly known as Twitter—in May of this year.

    The botnet, which the researchers dub Fox8 because of its connection to cryptocurrency websites bearing some variation of the same name, consisted of 1,140 accounts. Many of them seemed to use ChatGPT to craft social media posts and to reply to each other’s posts. The auto-generated content was apparently designed to lure unsuspecting humans into clicking links through to the crypto-hyping sites.

      Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1

      news.movim.eu / ArsTechnica · Friday, 21 July, 2023 - 18:51

    Organizations that have yet to patch a 9.8-severity vulnerability in network devices made by Zyxel have emerged as public nuisance No. 1 as a sizable number of them continue to be exploited and wrangled into botnets that wage DDoS attacks.

    Zyxel patched the flaw on April 25. Five weeks later, Shadowserver, an organization that monitors Internet threats in real time, warned that many Zyxel firewalls and VPN servers had been compromised in attacks that showed no signs of stopping. The Shadowserver assessment at the time was: “If you have a vulnerable device exposed, assume compromise.”

    On Wednesday—12 weeks since Zyxel delivered a patch and seven weeks since Shadowserver sounded the alarm—security firm Fortinet published research reporting a surge in exploit activity being carried out by multiple threat actors in recent weeks. As was the case with the active compromises Shadowserver reported, the attacks came overwhelmingly from variants based on Mirai, an open source application hackers use to identify and exploit common vulnerabilities in routers and other Internet of Things devices.

      The fake news outlets run by ChatGPT are online

      news.movim.eu / Numerama · Thursday, 4 May, 2023 - 15:24

    Websites are generating catchy news stories with artificial intelligence tools for the sole purpose of collecting advertising revenue.

      Syntax errors are the doom of us all, including botnet authors

      news.movim.eu / ArsTechnica · Monday, 5 December, 2022 - 21:54

    Image caption: If you're going to come at port 443, you best not miss (or forget to put a space between URL and port). (credit: Getty Images)

    KmsdBot, a cryptomining botnet that could also be used for distributed denial-of-service (DDoS) attacks, broke into systems through weak secure shell credentials. It could remotely control a system, it was hard to reverse-engineer, it didn't stay persistent, and it could target multiple architectures. KmsdBot was a complex piece of malware with no easy fix.

    That was the case until researchers at Akamai Security Research witnessed a novel solution: forgetting to put a space between an IP address and a port in a command. And it came from whoever was controlling the botnet.

    With no error-checking built in, sending KmsdBot a malformed command—like its controllers did one day while Akamai was watching—created a panic crash with an "index out of range" error. Because there's no persistence, the bot stays down, and malicious agents would need to reinfect a machine and rebuild the bot's functions. It is, as Akamai notes, "a nice story" and "a strong example of the fickle nature of technology."

      Don't trust this sextortion email; it's a bluff sent by scammers

      news.movim.eu / Numerama · Friday, 29 July, 2022 - 09:51

    Scammers have sent an email to hundreds of thousands of French people claiming to be in possession of compromising videos. The message is designed only to dupe recipients into handing over a sum of money.