Code Monkey home page Code Monkey logo

vinc3nt4h / iot-malware Goto Github PK

View Code? Open in Web Editor NEW

This project forked from ifding/iot-malware

0.0 1.0 0.0 21.94 MB

Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code

Shell 1.65% C 86.59% Objective-C 0.06% Go 0.13% Makefile 2.75% HTML 1.66% Roff 1.12% Perl 0.68% C++ 3.64% CMake 0.62% M4 0.71% Batchfile 0.01% Yacc 0.13% Assembly 0.03% Lex 0.07% Python 0.05% Awk 0.01% JavaScript 0.02% XS 0.02% Raku 0.08%

iot-malware's Introduction

IoT Malware

I'm not the author of any of the code available here. This repository contains malware source code samples leaked online (and found in multiple other sources), I uploaded it to GitHub to simplify the process of those who want to analyze the code.

Any actions and/or activities related to the material contained within this repository is solely your responsability. Misuse of the information in this repository can result in criminal charges being brought against the persons in question. I will not be held responsible in the event any criminal charges are brought against any individuals misuing the code in this repository to break the law.

This repository does not promote any hacking related activity. All the information in this repository is for educational purposes only.

Evolution

The list of IoT botnet malwares discussed below is not complete:

  • Linux/Hydra is the earliest known malware targeting IoT devices. It is an open source botnet framework released in 2008. It was designed for extensibility and features both a spreading mechanism and DDoS functionality.

  • LightAidra/Aidra is a IRC-based mass scanning and exploitation tool support on several architectures, namely MIPS, MIPSSEL, ARM, PPC, x86/86-64 and SuperH. Malware is designed to search open telnet ports that could be accessed using known default credentials. The source code of LightAidra is freely available on the Internet as open source project.

  • Linux.Wifatch is an open-source malware which infects the IoT devices with weak or default credentials. Once infected, it removes other malwares and disables telnet access while logging the message "Telnet has been closed to avoid further infection of theis device. Please disable telnet, change telnet passwords, and/or update the firmware." in the device logs. Wifatch uses peer-to-peer network to update the malware definition and deletes remnants of malware which remain in the IoT devices.

  • BASHLIFE/Lizkebab/Torlus/gafgyt is one of the popular malware which infects Linux based IoT devices to launch DDoS attacks. It was reported that BASHLIFE is responsible for enslaving over 1 million IoT devices, constituting mostly of Internet enabled cameras and DVRs. It is capable of launching attack of up to 400 Gpbs. Most BASHLIFE attacks are simple UDP, TCP floods and HTTP attacks. BASHLIFE infect a IoT device by brute-forcing its telnet access using known default credentials. One interesting aspect of BASHLIFE is that malware payload deployed in IoT devices has the BASHLIFE's C2s IP addresses hard-coded into it and are easier to monitor. Most of the infected devices are located in Taiwan, Brazil and Columbia. The source code of BASHLIFE was partly leaked in early 2015 and has led to many variants. BASHLIFE is considered the predecessor of Mirai and is in direct competition for vulnerable IoT real estate.

  • Mirai is one of the most predominant DDoS IoT botnet in recent times. Mirai means "the future" in Janpanese. Mirai botnet is definitely the next step in IoT DDoS malwares, however not as sophisticated as Remaiten but most effective. Mirai botnet is famous for being used in the record breaking 1.1Tbps DDoS attack with 148000 IoT devices. Mirai targets mostly CCTV cameras, DVRs, and hoem routers. Since the release of the Mirai source code, the number of IoT infected devices has increased from 213000 to 483000 in just two weeks. Mirai generates floods of GRE IP, GRE ETH, SYN and ACK, STOMP, DNS, UDP, or HTTP traffic against a target during a DDoS attack. More recently, Mirai has been found to be enhanced to infect Windows devices, helping hackers hijack even more devices. This enhanced Mirai could also identify and compromise database services like MySQL and Microsoft SQL running on different ports to create new admin "phpminds" with the password "phpgodwith" allowing the hackers to steal the database. The awareness of IoT botnets in recent times attributes to Mirai and the volume of traffic generated during its DDoS attacks.

Disclaimer

This repository is for research purposes only, the use of this code is your responsibility.

I take NO responsibility and/or liability for how you choose to use any of the source code available here. By using any of the files available in this repository, you understand that you are AGREEING TO USE AT YOUR OWN RISK. Once again, ALL files available here are for EDUCATION and/or RESEARCH purposes ONLY.

Reference

@misc{iot-malware-2017,
  author = {Fei Ding},
  title = {IoT Malware},
  year = {2017},
  howpublished = {\url{https://github.com/ifding/iot-malware}}
}

iot-malware's People

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.