This new version of the botnet uses exploits instead of brute force attacks to gain control of unpatched devices.
The new version of Mirai, a powerful cyberattack tool which took down large swathes of the internet across the US and Europe in late 2016, has been uncovered by researchers at security company Fortinet, who have dubbed it Wicked after lines in the code.
The original version of Mirai was deployed to launch massive distributed denial-of-service (DDoS) attacks, but it has also been modified for other purposes since its source code was published online, including turning unpatched IoT devices into cryptocurrency miners and proxy servers for delivering malware.
While the original Mirai uses traditional brute force attacks in an attempt to gain control of IoT devices, Wicked uses known and available exploits in order to do its work. Many of these are old, but the inability of many IoT devices to actually install updates means they haven’t been secured against known exploits.
For more information see:
Fortinet: A Wicked Family of Bots