HomeWinBuzzer NewsThe Mirai Botnet Is Using Windows Computers to Find New Targets

The Mirai Botnet Is Using Windows Computers to Find New Targets

The Mirai botnet now has a Windows variant via a C++ trojan. The virus can modify the registry, modify Microsoft SQL Databases, and identify and infect IoT devices. Security firms are rolling out updates for the new threat.

-

If you've been keeping up with tech news you will have heard of the Mirai botnet. Last year, attackers used it to take down a huge chunk of the internet, including Netflix, Amazon, and Twitter. It's currently the most widespread Linux trojan.

We covered 's response the attack last year. Security expert Paul Nicholas called for a shift in organization's view of cybersecurity. However, reports from antivirus firm Dr. Web reveal that Windows devices now play a significant role.

First, it's important to understand how it functioned. The botnet infected a host of IoT devices with malware. Devices include printers, cameras, baby monitors and more. Attackers used the botnet to perform a Distributed Denial of Service (DDoS) attack of 1.2 terabits per second. This flooded networks with thousands of false requests, causing them to crumble under the pressure.

Role of Windows

Since then, the botnet has only grown. A big factor in that is the use of Windows computers. Rather than assist in DDoS attacks, they are being utilized to discover more targets.

Mirai logs into surrounding IoT devices by trying default username and password combinations. Windows machines appear to be able to this much more quickly. The malware can scan several network ports at once, sending out files to vulnerable devices.

In the process, Mirai's new form can delete and modify files, modify the registry, and edit SQL databases.

“If the attacked remote computer has Microsoft SQL Server, a management system for relational databases, working on it, Trojan.Mirai.1 creates within it the user Mssqla with the password Bus3456#qwein and sysadmin privileges,” said Dr. Webb researchers.

“Acting under the name of this user and with the help of the SQL server event service, the Trojan executes various malicious tasks…Trojan.Mirai.1 has been added to the Dr.Web virus databases, and, therefore, it poses no threat to our users.”

Last Updated on August 4, 2017 11:58 am CEST by Markus Kasanmascheff

SourceDr. Web
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News