A new variant of the ubiquitous Mirai malware trawls the internet for a huge 71 unique exploits, including 13 new vulnerabilities not previously seen exploited in the wild.
That’s according to a fresh report from Palo Alto Networks that landed Monday, which details the botnet-creating malware’s use of “extremely old CVEs” (as early as 2003) through to vulnerabilities made public as recently as early December 2019.
Enter, ECHOBOT
The new Mirai malware strain, dubbed ECHOBOT, was first seen in the wild in May 2019. The latest version, which scans for a host of fresh exploits, in turn first surfaced on October 28th, 2019 for a couple of hours, after which it was taken down.
It then resurfaced on December 3, switching payload IPs and adding two more exploits that weren’t in the samples analysed in October, Palo Alto said.
The new exploits that it targets span a “range of devices from the usually expected routers, firewalls, IP cameras and server management utilities, to more rarely seen targets like… an online payment system and even a yacht control web application.”
Mirai typically targets Internet of Things (IoT) devices, then turns them into zombie machines which can be put to a wide range of malicious uses.
Mirai Malware: 60+ Variants in the Wild
Mirai is now made up of several different botnets, which sometimes compete with each other. The Mirai malware first drew widespread scrutiny after it underpinned a huge DDoS takedown of DNS provider Dyn in 2016. IBM’s X-Force says there are now at least 63 Mirai variants, and sees it double as much as the next Mirai-like botnet, Gafgyt.
Palo Alto lists the CVEs ECHOBOT exploits and IOCs here.