Kaspersky: Windows Mirai bot traced to China

Researchers at IT security firm Kaspersky Lab have claimed new findings in the battle to shut down Mirai botnets and warned of a Mirai crossover between Linux and Windows. 

In a blog post published this week, the team at Kaspersky Lab claims to have analysed the first Windows-based spreader of the original Mirai malware. The investigation has been part of a wider effort to shut down Mirai botnets on the web.

As previously reported, the original Mirai botnet cyber attacks of 2016 were extensive and seemed to convince developers and manufacturers to start taking IoT security more seriously.

Not only did they exploit security flaws in IoT devices ranging from CCTV cameras to home routers, they also set records for DDoS traffic generation and brought a number of popular online platforms to a standstill.

Windows Mirai spreader the work of more skilled developer than original

According to Kaspersky, the new Windows bot bears all the hallmarks of a developer more advanced than the one responsible for the original attacks.

On top of the worrying implications of this latest finding, Kaspersky has reason to believe that the author is Chinese-speaking, based in China or Taiwan. It’s thought that the Windows strain of Mirai has been responsible for 500 separate attacks in 2017 already.

This new strand of the Mirai malware comes after the source code for the original bot was made publicly available.

According to Kaspersky, the new Windows strain of the Mirai botnet is “richer and more robust than the original Mirai codebase”. Having said that, the blog post states that many of its components, techniques and functions are “several years old”, so “its capacity for spreading the Mirai malware is limited”.

Kaspersky: This is only the beginning

“The appearance of a Mirai crossover between the Linux platform and the Windows platform is a real concern, as is the arrival on the scene of more experienced developers,” said Kurt Baumgartner, principal security researcher at Kaspersky Lab.

“The release of the source code for the Zeus banking Trojan in 2011 brought years of problems for the online community – and the release of the Mirai IoT bot source code in 2016 will do the same for the Internet.”

The fear in the security community is that with the release of the Mirai source code, the rabbit has been let out of the hat; things are going to get worse before they get better.

“More experienced attackers, bringing increasingly sophisticated skills and techniques, are starting to leverage freely available Mirai code. A Windows botnet spreading IoT Mirai bots turns a corner and enables the spread of Mirai to newly available devices and networks that were previously unavailable to Mirai operators. This is only the beginning,” warned Baumgartner.

At the end of January 2017, researcher Brian Krebs claimed to have discovered the original creator of the Mirai botnet – a hacker known as “Anna Senpai” – a student studying at Rutgers University in the US.
