The march of the infamous Mirai botnet continues, with Kaspersky having found the first Windows-based spreader for the malware.
You probably remember Mirai from last year – it was the source of a huge number of infections which powered some massive DDoS attacks. Well, now the code (which was made openly available online in 2016) has been crafted to make a Windows botnet, likely by a Chinese speaking malware author according to the security firm (going by language clues in the coding, and similar signposts).
Kaspersky notes that the components and techniques used in the new spreader may be a few years old, but on an overall level it’s “richer and more robust” than the original Mirai code, and its developer appears to have more sophisticated skills than those behind last year’s DDoS campaigns.
- Nothing screams 'air-tight security' like a brand-new Chromebook
Experienced attackers
Kurt Baumgartner, Principal Security Researcher at Kaspersky, commented: “The appearance of a Mirai crossover between the Linux platform and the Windows platform is a real concern, as is the arrival on the scene of more experienced developers.
“More experienced attackers, bringing increasingly sophisticated skills and techniques, are starting to leverage freely available Mirai code. A Windows botnet spreading IoT Mirai bots turns a corner and enables the spread of Mirai to newly available devices and networks that were previously unavailable to Mirai operators. This is only the beginning.”
Kaspersky says it’s busy working with hosting providers and network operators in the process of taking out a ‘significant’ number of Mirai’s command and control servers.
- Worried about security? We’ve highlighted the best antivirus software