Remaiten is a New DDoS Bot Targeting Routers based on Linux

Sophisticated exploits are not required to build botnets out of modems, wireless access points, routers and other networking devices. Remaiten, a new worm that infects embedded systems, spreads by way of weak Telnet passwords.

Remaiten is the latest incarnation of the distributed denial-of-service Linux bots that are built for embedded architectures. Its authors actually called it KTN-Remastered, where KTN in all probability refers to a well-known Linux bot called Kaiten.

Informationsecuritybuzz.com reported on April 1st, 2016, that KTN-RM is based mainly on the Telnet scanning of Linux/Gafgyt, and improves on that spreading mechanism by carrying downloader executable binaries for embedded platforms such as routers and various other connected devices, primarily targeting those with weak login credentials.

Whenever it finds an open port, the bot tries various combinations of admin username and password. If the device is not protected with strong, hard-to-guess credentials and relies only on the default factory settings, it is accessed and then infected by simple malware.

Whenever the login succeeds, the bot executes a number of commands to determine the architecture of the system. It then transfers a small downloader program compiled for that architecture, which proceeds to download the full bot from a command-and-control server. This method of operation is copied from the Gafgyt DDoS bot, which works in the same manner. The difference from Gafgyt is that this first-stage malware, once installed on the device, identifies the architecture of the router and downloads the matching Remaiten bot.
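The login-guessing pattern described above (many username and password attempts over Telnet, then one that works) can be picked out of a device's authentication log. The following is an added example, not code from ESET or the original article; the log line format, the threshold and the addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed syslog-like format (not from a real device).
SAMPLE_LOG = """\
Apr  1 10:00:01 gw telnetd[311]: login failed user=admin src=198.51.100.7
Apr  1 10:00:02 gw telnetd[311]: login failed user=root src=198.51.100.7
Apr  1 10:00:03 gw telnetd[311]: login failed user=support src=198.51.100.7
Apr  1 10:00:04 gw telnetd[311]: login ok user=root src=198.51.100.7
Apr  1 10:05:10 gw telnetd[311]: login failed user=netadmin src=192.0.2.10
Apr  1 10:05:20 gw telnetd[311]: login ok user=netadmin src=192.0.2.10
Apr  1 11:00:01 gw telnetd[311]: login failed user=admin src=203.0.113.5
Apr  1 11:00:02 gw telnetd[311]: login failed user=guest src=203.0.113.5
Apr  1 11:00:03 gw telnetd[311]: login failed user=user src=203.0.113.5
Apr  1 11:00:04 gw telnetd[311]: login failed user=root src=203.0.113.5
"""

LINE_RE = re.compile(
    r"telnetd\[\d+\]: login (?P<result>failed|ok) user=(?P<user>\S+) src=(?P<src>\S+)"
)

def find_guessing_sources(log_text, min_failures=3):
    """Return {src: report} for sources with at least min_failures failed logins.

    report["compromised"] is True when a successful login follows the failures,
    meaning the guessing worked and the device should be treated as infected.
    """
    state = defaultdict(
        lambda: {"failures": 0, "users": set(), "compromised": False, "account": None}
    )
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not Telnet login records
        s = state[m["src"]]
        if m["result"] == "failed":
            s["failures"] += 1
            s["users"].add(m["user"])
        elif s["failures"] >= min_failures and not s["compromised"]:
            s["compromised"] = True
            s["account"] = m["user"]  # the account whose password was guessed
    return {src: s for src, s in state.items() if s["failures"] >= min_failures}

if __name__ == "__main__":
    for src, rep in find_guessing_sources(SAMPLE_LOG).items():
        status = "LOGIN SUCCEEDED as " + rep["account"] if rep["compromised"] else "blocked"
        print(f"{src}: {rep['failures']} failures, {len(rep['users'])} usernames, {status}")
```

A source flagged as compromised calls for a factory reset of the device, a new password and Telnet turned off, in line with the advice in this article.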

Moreover, Remaiten also has functionality for removing any other bots on the same router, so that it does not have to compete for the device's limited resources. According to the ESET research team, the Remaiten bot can target routers running on ARM, MIPS, PowerPC and SuperH architectures. For now, it is advisable to disable Telnet access to the device and to use strong passwords to keep your device from being infected with Remaiten.

It is surprising that several networking devices still use Telnet for remote management instead of the more secure SSH protocol. It is also unfortunate that several devices ship with the Telnet service open by default. Sadly, a lot of the gateway devices that ISPs provide to their customers do not give users full access to the management features.

» SPAMfighter News - 4/7/2016
