OMG Mirai Variant Turns IoT Devices Into Proxy Servers

A new Mirai variant, dubbed as OMG (detected by Trend Micro as ELF_MIRAI.AUSX), was found targeting Internet of Things (IoT) devices and turning them into proxy servers. A team of researchers discovered the new Mirai variant, which keeps Mirai’s original distributed denial-of-service (DDoS) attack capabilities but also adds and removes some of the configurations in the original code.

According to the researchers, OMG can do what the original variant can: kill processes related to Telnet, SSH and HTTP by checking open ports and other processes related to other bots, use Telnet brute-force login to spread, and perform a DoS attack. The key difference is OMG’s proxy function. Proxies are often used by cybercriminals to execute hacking and other malicious activities. Moreover, proxy servers can be profited from by selling access to other cybercriminals. The researchers noted that there are two distinct additions to the new variant, two new strings that add a firewall rule to allow traffic on two random ports.

Mirai (detected as ELF_MIRAI), which translates to “the future” in Japanese, is known for the damage it can cause. After its source code was released on a hacking forum in September 2016, it then turned into an open-source malware that is widely used and modified to become more potent.

Apart from OMG, variations of Mirai targeted high-profile websites such as Netflix, Reddit, Twitter, and Airbnb. In a separate attack, a Mirai botnet also caused a service outage to Deutsche Telekom customers when it attacked 900,000 home routers.

The main point of a Mirai attack is to allow cybercriminal authors to use privately-owned routers in their malicious activities without the knowledge of the owner. Such attacks can have dire consequences for its victims, which could also include enterprises. Businesses could deal with business disruptions, monetary loss, and even damaged brand reputations.

To mitigate Mirai and other similar threats, it’s best that home routers are secured. Here are several ways to avoid becoming a victim of similar attacks: 

  • Pick a reliable router.

Choose devices that have top-notch security features. Avoid routers included with internet plans and never buy used ones as these may contain malicious configurations. Plenty of commercially-available routers have built-in security features such as web threat protection and the ability to detect malicious network traffic.

  • Always change default passwords.

Remember to change the router’s default credentials. When picking a password for wireless access, choose one that is over 20 characters long. Also, make sure that you pick Wi-Fi Protected Access 2 (WPA2)-Advanced Encryption Standard (AES) as your home router’s encryption scheme.

  • Regularly update router firmware.

Home router manufacturers often package a router’s firmware with an OS, drivers, service daemons, management programs, and default configurations which require regular updating. Apply the latest patches and software updates provided by the vendor as unpatched vulnerabilities are an entry point for threats.

To learn more about how cybercriminals use home routers to carry out their malicious plans and how you can protect your network, read our guide Securing Your Home Routers: Understanding Attacks and Defense Strategies.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Posted in Internet of Things