Widely used D-Link modem/router under mass attack by potent IoT botnet
Malicious hackers are mass exploiting a critical vulnerability in D-Link DSL routers in an attempt to make them part of Satori, the potent Internet-of-things botnet that is used to take down websites and mine digital coins, researchers said.
Since making its debut late last year, Satori has proven to be a particularly versatile and sophisticated botnet. It made a name for itself in December when it infected more than 100,000 Internet-connected devices in just 12 hours by exploiting remote code-execution vulnerabilities in Huawei and RealTek routers. A month later, Satori operators released a new version that infected devices used to mine digital coins, proving that the IoT botnet could also take control of more traditional computing devices. In February, Satori resurfaced when it infected tens of thousands of routers manufactured by Dasan Networks.
Building a better mousetrapA key to Satori's success is its use of the publicly released Mirai IoT botnet source code to turn devices with easily guessable passwords into platforms for launching Internet-crippling attacks. In 2016, Mirai launched a series of record-setting denial-of-service attacks that took security site KrebsonSecurity offline and also targeted online gamers. Satori operators use the Mirai code as a foundation on which they've erected an evolving series of new exploits that allow the botnet to control devices even when they're secured with strong passwords.
Read 6 remaining paragraphs | Comments