A piece of malware has infected close to a million devices and enlisted them in distributed denial-of-service (DDoS) attacks. The analysis was carried out by security firm Flashpoint and Level 3 Communications.
The malware that infected the devices is called BASHLITE, also known as Lizkebab, Torlis or Gafgyt. It was first discovered in 2014, after the ShellShock vulnerability had emerged. At the time, researchers found that the malware exploited the ShellShock flaw to infect devices and then abuse them for DDoS attacks.
The source code for BASHLITE was leaked in 2015, which gave malware developers the opportunity to create further variants. The malware is currently built to run on Linux devices, which makes it well suited for use against Internet of Things (IoT) devices.
According to Level 3 and Flashpoint, the total number of devices affected by the malware is alleged to have peaked at 1 million, spread widely across various botnets. The researchers said that 95 percent of the affected devices appeared to be digital video recorders (DVRs) and cameras.
Another four percent were routers, and the remainder was linked to Linux devices. The researchers also revealed that a large percentage of the affected devices were located in Brazil, Taiwan and Colombia, and that many of them were DVRs identified as “H.264” DVRs. DVRs of this kind are made by video surveillance firm Dahua Technology.
The researchers said that most of the affected devices run a flavor of embedded Linux. Combined with the bandwidth required to stream video, this makes them susceptible to abuse in DDoS attacks. Back in June, security firm Sucuri reported that botnets powered by several thousand CCTV cameras around the globe had been used to launch DDoS attacks against websites.
Level 3 wrote in a blog post that the use of IoT devices in botnets is nothing new, and that as these devices become more common, the problems are expected to continue and to grow in number and power. Compromised home routers and hosts are still being targeted, but bot herders are expected to follow the path of least resistance. They are likely to go after unsecured IoT devices first.