ESET researchers have identified a new and improved version of ESET Kaiten, an Internet Relay Chat (IRC) malware that is commonly used for distributed denial-of-service (DDoS) attacks.
The new version of malware has been called "KTN-Remastered" or "KTN-RM," while ESET researchers have already identified three versions of malware Linux / Remaiten. Based on the artifacts found in the code, the main feature of malware is the improved spread mechanism.
Based mainly on his telnet scan Linux / Gafgyt, KTN-RM (Kaiten) improves the deployment mechanism by using executable binary downloaders for embedded platforms, such as routers and other connected devices, and mainly targeting weak credentials.
"Furthermore, the work of downloader is to ask the server Command & Control the Linux/Remaiten bot binary for its current architecture. When executed, it creates another bot that its creators can use maliciously. We have seen this technique used before by Linux / Moose for the spread" notes Michal Malík, Malware Researcher of ESET.
In a strange turn, this malware engine also has a message for those who can try to neutralize it.
«In the welcome message, 2.0 appears to stand out malwaremustdie.org which has published extensive details about it Gafgyt, the Tsunami and other members of this family Malware"Adds Malík.
More information about Bot Linux / Remaiten is available at technical article by Michal Malik on ESET's official topic blog better safetyq, WeLiveSecurity.com.