New Malware and Mirai Botnet Variants Pose Significant Threats

There is no shortage of malware on the Dark Web. In particular, during the past week security researchers from around the world have been discussing three threats, two of which are variants of the now infamous Mirai botnet code. Here’s a summary:

  • Satori code – Research indicates that this malware code was used to attack hundreds of thousands of Huawei routers and over 280,000 different IP addresses worldwide. The code was released on PasteBin in December 2017.
  • Okiru botnet – According to reports, this is a new botnet found targeting billions of ARC-based IoT devices worldwide. Mirai Okiru shares a lineage with the Mirai Satori variant but differs substantially from it, as explained on the LinuxMalware subreddit. ARC-embedded processors are found in a wide range of internet-connected devices including cars, mobile phones, TVs and cameras, and are reportedly shipped in more than a billion products every year. That means hackers have the ability to infect billions of IoT devices to launch distributed denial of service (DDoS) attacks. According to the International Business Times, “Okiru means ‘wake up’ in Japanese, was discovered by Japan-based Malware Must Die researcher @unixfreaxjp and has been deemed the first ever malware developed for ARC systems.”
  • Zyklon malware – The most recently reported variant is a multi-function malware that has been circulating since 2016. It can steal passwords, let hackers launch DDoS attacks and mine cryptocurrency, and log keystrokes, among other things. What’s new is that hackers are using three vulnerabilities in Microsoft Office to install this malware. According to reports, hackers have launched a spam email campaign with an attached zip file that exploits these MS Office vulnerabilities. It is therefore important for businesses to install Microsoft Office updates. Keeping software patched helps protect your data and cryptocurrency from these attacks, but the only way to be safe from the external DDoS attacks this malware can generate is to have the latest real-time DDoS protection in place.

It’s only a question of when, not if, these botnets and malware families will be leveraged to launch massive DDoS attacks. Gartner forecast that by 2020 there will be 20.4 billion “connected things” in use worldwide. Many of those IoT devices will not be built with an effective security architecture to begin with, and those that are may not be kept secure via patches and updates throughout their lifecycle. The proliferation of unsecured IoT devices, combined with more sophisticated botnets, means that DDoS attacks are likely to become more common, and a percentage of them will be larger in scale, probably over 1 Tbps. Effective DDoS protection requires continuous visibility into the threats, with real-time mitigation as well as long-term trend analysis to identify changes in the DDoS landscape and deliver proactive detection and mitigation.
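To make the closing point concrete, here is an added illustration (not code from the original post, and not any vendor’s product) of the two pieces that paragraph names: a short sliding window for real-time detection of a volumetric flood, and a slowly adapting long-term baseline for trend analysis. The thresholds (a 5-sample window, a 4x-over-baseline trigger, a 1 Gbps absolute floor) and the traffic telemetry are constructed assumptions chosen for the example, not figures from the article.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Sample:
    """One telemetry reading: wall-clock second and observed bits/s toward the protected prefix."""
    ts: int
    bps: float


class DDoSMonitor:
    """Combines a short window (real-time alerting) with a long-term EWMA baseline (trend analysis).

    The baseline is only updated from samples judged normal, so a flood cannot
    drag the baseline up and silence its own alert. All parameters are assumed values.
    """

    def __init__(self, window=5, alpha=0.05, factor=4.0, min_bps=1e9):
        self.window = window        # samples in the real-time window
        self.alpha = alpha          # EWMA weight for the long-term baseline
        self.factor = factor        # alert when short-term rate exceeds factor * baseline
        self.min_bps = min_bps      # absolute floor so tiny links don't alert on noise
        self.baseline = None
        self.recent = deque(maxlen=window)
        self.history = []           # (ts, baseline) pairs kept for trend analysis
        self.peak_bps = 0.0

    def observe(self, sample):
        """Feed one sample; return True when the short-term rate looks like a flood."""
        self.recent.append(sample.bps)
        short_term = sum(self.recent) / len(self.recent)
        self.peak_bps = max(self.peak_bps, sample.bps)
        if self.baseline is None:
            self.baseline = sample.bps
        threshold = max(self.min_bps, self.factor * self.baseline)
        alert = short_term > threshold
        if not alert:
            # Adapt slowly to genuine growth in normal traffic only.
            self.baseline = (1 - self.alpha) * self.baseline + self.alpha * sample.bps
        self.history.append((sample.ts, self.baseline))
        return alert


def baseline_growth(history):
    """Ratio of the last baseline to the first: >1 means normal traffic is trending upward."""
    first_bps = history[0][1]
    last_bps = history[-1][1]
    return last_bps / first_bps


def make_samples():
    """Constructed telemetry: 60 s of slowly growing normal traffic (~200 Mbps),
    followed by a 10 s volumetric flood at 1.5 Tbps."""
    samples = [Sample(t, 2e8 * (1 + 0.002 * t)) for t in range(60)]
    samples += [Sample(t, 1.5e12) for t in range(60, 70)]
    return samples


def run_detection(samples, monitor=None):
    """Run every sample through the monitor; return the timestamps that raised alerts and the monitor."""
    monitor = monitor or DDoSMonitor()
    alerts = [s.ts for s in samples if monitor.observe(s)]
    return alerts, monitor


if __name__ == "__main__":
    alerts, mon = run_detection(make_samples())
    print(f"flood alerts at t={alerts[0]}..{alerts[-1]}, peak {mon.peak_bps / 1e12:.1f} Tbps")
    print(f"normal-traffic baseline grew {baseline_growth(mon.history):.3f}x over the period")
```

The short window answers the real-time question (is something abnormal happening right now?), while the frozen-during-attack baseline answers the trend question (how is normal traffic changing, and are floods getting bigger relative to it?). In a real deployment the samples would come from flow or SNMP telemetry and the alert would trigger a mitigation action such as diversion to scrubbing.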

For more information, contact us.
