Mirai Botnet Windows Version Discovered

Dr. Web experts identified a newer iteration of the Mirai botnet which now comes with a Windows version for a greater impact.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Windows Version Of The Mirai Botnet Released

Dr. Web experts announced the discovery of a new dangerous threat – an updated version of the Mirai botnet which features a Windows client. It has been used in several DDOS attack campaigns. The Windows version of Mirai is used as a Trojan helper which helps the botnet to spread to a lot more devices. The previous Mirai versions worked by instituting a combination of a dictionary-based port knocking attack. This is done by following this behavior pattern:

  1. The Mirai botnet is engaged by the hackers. All recruited bots are engaged against a predefined target list.

  2. A dictionary-based attack is initiated against each host using the Telnet protocol. The following ports are used: 22, 23, 135, 445, 1433, 3306 and 3389.

  3. The hosts are infected with the Mirai botnet which recruits them to the botnet.

The botnet is used to infect thousands of various types of IoT devices such as CCTV, DVRs, routers and such. If the infected devices run a Linux Gnu/Linux distribution a series of commands are executed. If the Windows operating system is used then a local version of the malware is installed on the victim computer.

In the new release of the malware it has been discovered that the virus engine is able to infect various databases as well, including MSSQL and MySQL ones. It was discovered that the virus creates a database user named “Mssqla” using the “Bus3456#qwein” with root privileges.

The Mirai Botnet Continues Its Evolution

The malware has evolved once again and this new version proves the point that system administrators should take important steps into securing their devices. Most of the major botnet attacks are carried out against smart IoT devices which have very weak security by default. The problem lies in the fact that consumers and device owners can also be blamed as they have not secured their property. For more information on IoT security, the most important issues and ongoing problems you can read our in-depth article titled “Security Tips for IoT Owners”.

Fortunately the Windows client of the Mirai botnet can easily be removed with the help of a quality anti-spyware solution. We recommend that all users scan their computers to see if they have been infected with malware.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *