Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A bug in Mirai code allows crashing C2 servers

Ankit Anubhav, a principal researcher at NewSky Security, explained how to exploit a vulnerability in the Mirai bot to crash it. Ankit Anubhav, a principal researcher at NewSky, explained how to exploit a trivial bug in the code of the Mirai bot, which is present in many of its variants, to crash it. The expert […]

Mirai bot bug

Ankit Anubhav, a principal researcher at NewSky Security, explained how to exploit a vulnerability in the Mirai bot to crash it.

Ankit Anubhav, a principal researcher at NewSky, explained how to exploit a trivial bug in the code of the Mirai bot, which is present in many of its variants, to crash it.

The expert pointed out that a Mirai C2 server crashes when someone connects it using as username a sequence of 1025+ “a” characters.

Mirai bot bug

Analyzing a part of the Mirai source code available on Github the experts noticed that the username is passed to the Readline custom function. This function declares a fixed buffer size length of 1024, for this reason, providing an input greater than 1024 will cause the module crashes.

Mirai bot bug 2

“Since a majority of IoT botnets even in 2019 are based of Mirai, this vulnerability has been passed out in many of the variants and is already used in full force among Blackhats. ” explained Ankit Anubhav.

Some threat actors in the wild are aware of this bug in Mirai code and used it to crash the C2 servers of the rivals,

“When we asked Scarface, an established IoT threat actor about it, he said “Yes,I have often used this to annoy script kiddies who sell botnet spots. The C2 stays down until the botnet owner realizes that the C2 is down and opens it again. I do think it is very relevant because if a script were to be made to check when the C2 is up and crash it continuously, it will make all Mirai based botnets pretty much useless.”

The expert concluded discouraging the practice of crashing all known C2 servers in a loop because it is illegal, instead, it suggests to report them to the police, CERTs and ISPs.

“A lot of enthusiastic white hats want to make the world of CyberSecurity safer. Some may think its useful to create a daemon service which keeps on crashing all known C2 servers in a loop. However, such practice of crashing all these Mirai type C2 servers may not be permitted according to local laws, even if one is disrupting malicious servers.” concludes
Ankit Anubhav. “Hence the best way to stop a server is not to take matter in your own hands, but to report the IP to the hosting provider, CERT or law enforcement, which many white hats are already doing rigorously.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Mirai, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]