ESET researchers have identified a new and improved version of ESET Kaiten, one maliciousυ λογισμικού που ελέγχεται μέσω Internet Relay Chat (IRC) και το οποίο συνήθως χρησιμοποιείται για attacks άρνησης εξυπηρέτησης (distributed denial-of-service, DDoS).
The new version of malware has been called "KTN-Remastered" or "KTN-RM," while ESET researchers have already identified three versions of malware Linux / Remaiten. With base artifacts found within the code, the main feature of the malware is an improved propagation mechanism.
Based mainly on his telnet scan Linux / Gafgyt, KTN-RM (Kaiten) improves the propagation mechanism by using executable binary downloaders for embedded platforms, such as routers and other connected devices, while mainly targeting instances with weak login credentials.
"In addition, his work downloader is to ask the Command & Control server for the Linux / Remaiten binary bot for its current architecture. When executed, it creates another bot that can be maliciously used by its creators. We have encountered this technique before using it Linux / Moose for the spread" notes Michal Malík, Malware Researcher of ESET.
In a strange turn, this malware engine also has a message for those who can try to neutralize it.
«In the welcome message, 2.0 appears to stand out malwaremustdie.org which has published extensive details about it Gafgyt, the Tsunami and other members of this family Malware"Adds Malík.
More information about Bot Linux / Remaiten is available at technical article by Michal Malik on ESET's official blog on security issues, WeLiveSecurity.com.