The first variant of BASHLITE, detected as ELF_BASHLITE.A (ELF_FLOODER.W), was spotted by Trend Micro shortly after the existence of the ShellShock bug came to light. The threat, which was the payload of the ShellShock exploit code, had been used to launch distributed denial-of-service (DDoS) attacks.
ELF_BASHLITE.A checked to see if infected devices were running BusyBox, a set of programs needed to run a Linux system. BusyBox is designed for embedded operating systems such as the ones running on routers.
A newer version of BASHLITE spotted by Trend Micro researchers (ELF_BASHLITE.SMB) is designed not only to identify systems running BusyBox, but to also hijack them.
The malware first scans the network for BusyBox devices and attempts to access them by using a predefined list of usernames and passwords. The list of passwords includes “root,” “admin,” “12345,” “pass,” “password” and “123456.”
Source:https://www.securityweek.com/bashlite-malware-uses-shellshock-hijack-devices-running-busybox
Trabajando como arquitecto de soluciones de ciberseguridad, Alisa se enfoca en la protección de datos y la seguridad de datos empresariales. Antes de unirse a nosotros, ocupó varios puestos de investigador de ciberseguridad dentro de una variedad de empresas de seguridad cibernética. También tiene experiencia en diferentes industrias como finanzas, salud médica y reconocimiento facial.
Envía tips de noticias a info@noticiasseguridad.com o www.instagram.com/iicsorg/
También puedes encontrarnos en Telegram www.t.me/noticiasciberseguridad
