ESET researchers have identified a new and improved version of ESET Kaiten, a malware controlled via Internet Relay Chat (IRC) και το οποίο συνήθως usesται για επιθέσεις άρνησης εξυπηρέτησης (distributed denial-of-service, DDoS).
The new version of malware has been called "KTN-Remastered" or "KTN-RM," while ESET researchers have already identified three versions of malware Linux / Remaiten. Based on the artifacts found in the code, the main feature of malware is the improved spread mechanism.
Based mainly on his telnet scan Linux / Gafgyt, το KTN-RM (Kaiten) βελτιώνει το μηχανισμό εξάπλωσης χρησιμοποιώντας εκτελέσιμα δυαδικά downloaders για ενσωματωμένες πλατφόρμες, όπως routers και άλλες συνδεδεμένες συσκευές, ενώ στοχεύουν κυρίως περιπτώσεις με αδύναμο διαπιστευτήρια σύνδεσης.
"In addition, his work downloader is to ask the Command & Control server for the Linux / Remaiten binary bot for its current architecture. When executed, it creates another bot that can be maliciously used by its creators. We have encountered this technique before using it Linux / Moose for spreading, "notes Michal Malík, Malware Researcher of ESET.
In a strange twist, this strain of malware also has one message for those who might try to neutralize it.
«In the welcome message, 2.0 appears to stand out malwaremustdie.org which has published extensive details about it Gafgyt, the Tsunami and other members of this family Malware"Adds Malík.
More information about Bot Linux / Remaiten is available at technical article by Michal Malik on ESET's official blog for issues security, WeLiveSecurity.com.