ESET researchers have identified a new and improved version of ESET Kaiten, an Internet Relay Chat (IRC) malware that is commonly used for distributed denial-of-service (DDoS) attacks.
Η new edition of the malware has been named "KTN-Remastered" or "KTN-RM", while ESET researchers have already identified three versions of Linux / Remaiten. Based on the artifacts found in the code, the main feature of malware is the improved spread mechanism.
Based mainly on his telnet scan Linux / Gafgyt, the KTN-RM (Kaiten) βελτιώνει το μηχανισμό εξάπλωσης χρησιμοποιώντας εκτελέσιμα δυαδικά downloaders για ενσωματωμένες platforms, όπως routers και άλλες συνδεδεμένες Appliances, while mainly targeting cases with weak login credentials.
"In addition, his work downloader is to ask the Command & Control server for the Linux / Remaiten binary bot for its current architecture. When executed, it creates another bot that can be maliciously used by its creators. We have encountered this technique before using it Linux / Moose for spreading, "notes Michal Malík, Malware Researcher of ESET.
In a strange turn, this malware engine also has a message for those who can try to neutralize it.
«In the welcome message, 2.0 appears to stand out malwaremustdie.org which has published extensive details about it Gafgyt, the Tsunami and other members of this family Malware"Adds Malík.
More information about Bot Linux / Remaiten is available at technical article by Michal Malik on ESET's official topic blog better safetyq, WeLiveSecurity.com.