SHARE

 Beta: The infamous Mirai botnet malware has finally entered the world of Microsoft Windows. An antivirus firm recently discovered a new variant of Mirai, which is now named Trojan.Mirai.1. The trojan uses Windows devices to increase Mirai’s botnet army by infecting Linux-based IoT devices. Notably, Mirai was the chief player in some of the biggest DDoS attacks witnessed last year.

Last year was full of reports of hacking attacks that were performed with the army of Mirai botnets, which was the very first popular IoT malware. Hackers took control of the devices using their default username and passwords, and used them to carry out one of the biggest ever DDoS attacks.

While Mirai botnet (Mirai.Linux) originally infected Linux-based IoT devices, the security researchers have now been able to detect a new version of Mirai that infects Windows computers.

How does Mirai botnet’s Windows version work?

Mirai botnet’s Windows version was exposed by Dr. Web Antivirus. Named Trojan.Mirai.1, this malware for Microsoft Windows is written in C++ programming language. The malware is designed to scan TCP ports in order to execute commands and distribute the malware.Screen Shot 2017-02-10 at 6.23.42 PMAfter the attack is launched, Trojan.Mirai.1 connects to its C&C (command and control) server and downloads the configuration file for extracting the list of IP addresses. This is followed by the scanning of ports and launch of different flags.

If it’s successful in establishing a connection with the attacked node via any protocol, it executes a sequence of commands. This trojan can also execute on remote machines that make use of IPC (inter-process communication) technology.

Moreover, if the target computer has Microsoft SQL Server, Trojan.Mirai.1 acts with administrative privileges and performs many malicious tasks.

How does Mirai’s Windows version spread?

Let’s suppose Windows version of Mirai infects a new device and the target turns out to be running Linux. In that case, a series of commands are run and a new Mirai botnet is created.

If Windows Mirai infects another Windows device, it leaves a copy on that device and continues further.

While the exact consequences of this development can’t be predicted at the moment, but its arrival on Windows might inspire hackers to try out new things.

LEAVE A REPLY

Please enter your comment!
Please enter your name here