The evolution of Mirai could spell trouble for Windows business and home users

The infamous Mirai malware is now capable of targeting Windows systems, according to researchers at an antivirus firm. The original version of the malware was discovered in August 2016 and was used by cybercriminals to create botnets of infected Internet of Things (IoT) devices.

These botnets conducted distributed denial of service (DDoS) attacks against some rather large targets, including internet infrastructure giant DYN, says Richard Meeus, VP Technology at NSFOCUS IB. In the latest development of Mirai, researchers at Dr. Web have shown that a Windows Trojan (Trojan.Mirai.1) is capable of targeting Windows systems, scanning them for evidence of connected devices running Linux, and laterally infecting those devices with the Mirai malware.


The use of Windows to distribute Mirai means that it has now established a foothold into private networks. Previously, IoT devices that were not connected directly to the Internet were not thought to be as heavily at risk as those that were. However, with the trojan’s ability to jump that gap, and due to the fact that Windows is ever-present in many homes and businesses, Mirai now has a new vehicle to infect even more devices.
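An added example, not from the original article: one way a defender could spot the behaviour described above, an internal host probing many other internal devices on remote-login ports, in flow logs. The port set, threshold, time window and log layout are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions, not from the article: ports, threshold, window, log layout.
LOGIN_PORTS = {22, 23, 2323}
MIN_TARGETS = 4
WINDOW = timedelta(minutes=5)

# Constructed sample flow records: timestamp,src_ip,dst_ip,dst_port
SAMPLE_FLOWS = """\
2017-02-10T09:00:01,192.168.1.20,192.168.1.50,23
2017-02-10T09:00:02,192.168.1.20,192.168.1.51,23
2017-02-10T09:00:03,192.168.1.20,192.168.1.52,2323
2017-02-10T09:00:04,192.168.1.20,192.168.1.53,22
2017-02-10T09:00:05,192.168.1.20,192.168.1.54,23
2017-02-10T09:01:00,192.168.1.30,192.168.1.50,22
2017-02-10T09:02:00,192.168.1.30,93.184.216.34,23
2017-02-10T09:00:10,192.168.1.40,192.168.1.50,23
2017-02-10T09:20:10,192.168.1.40,192.168.1.51,23
2017-02-10T09:40:10,192.168.1.40,192.168.1.52,23
2017-02-10T10:00:10,192.168.1.40,192.168.1.53,23
"""

def parse_flows(text):
    """Yield (time, src, dst, port) for internal-to-internal login-port flows."""
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split(",")
        if int(port) not in LOGIN_PORTS:
            continue
        if ipaddress.ip_address(src).is_private and ipaddress.ip_address(dst).is_private:
            yield datetime.fromisoformat(ts), src, dst, int(port)

def find_fanout(text, min_targets=MIN_TARGETS, window=WINDOW):
    """Map each source that hit min_targets devices inside one window to its targets."""
    by_src = defaultdict(list)
    for ts, src, dst, _ in parse_flows(text):
        by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - start <= window}
            if len(targets) >= min_targets:
                flagged[src] = sorted(targets)
                break
    return flagged

if __name__ == "__main__":
    print(find_fanout(SAMPLE_FLOWS))
```

The slow source (192.168.1.40) stays under the threshold with a five-minute window, so the window length is a trade-off between catching patient scanners and flagging management hosts that legitimately log in to many devices.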

Home users and businesses alike need to practice good security on any devices they bring into their home or office. Just because an IoT device doesn’t have a keyboard doesn’t mean it is any less susceptible to hacks.

Whether it is a robot reading stories to children, a webcam designed to monitor your pets, or web-enabled TVs in boardrooms, if they have connectivity to the Internet, they can be attacked.

People need to understand that as soon as they install a new device that is Wi-Fi enabled, they need to change the default password of that device. Mirai relies on a large table of IoT devices with known factory settings, including default passwords, so this is a simple and easy fix.

With the new variant targeting Windows, ensuring antivirus software is up to date is a must. Businesses should ensure their firewalls and edge security devices have the latest intelligence that includes signatures for the latest Mirai malware.

The Mirai strain of malware looks poised to become the ‘new normal’ for 2017. As such, home and business users alike must take proper precautions to ensure their devices are not participating in crippling DDoS attacks against others.

If residential and commercial users do not protect themselves from Mirai, they could see their IP address listed as “malicious” on threat intelligence feeds. Once your IP address(es) find their way onto these lists, it’s very difficult to get them removed.

The author of this blog is Richard Meeus, VP Technology at NSFOCUS IB
