Bashlight Botnet

Bashlight is an IoT Trojan that works similarly to Mirai: it targets devices via Telnet (port 23) by brute-forcing default credentials from a hard-coded table. The source code for this Trojan is written in C++. The botnet is controlled by its C&C servers, which communicate with infected devices via IRC channels.
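A defender can spot the Telnet credential sweep described above in failed-login logs. The following added example (not from the original article or from any Bashlight source) flags source addresses that try many distinct username/password pairs within a short window; the log format, function name and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2016-10-03T12:00:01 telnet-fail src=203.0.113.7 user=root pass=root
2016-10-03T12:00:02 telnet-fail src=198.51.100.20 user=alice pass=typo1
2016-10-03T12:00:03 telnet-fail src=203.0.113.7 user=admin pass=admin
2016-10-03T12:00:04 telnet-fail src=198.51.100.20 user=alice pass=typo1
2016-10-03T12:00:05 telnet-fail src=203.0.113.7 user=guest pass=guest
2016-10-03T12:00:06 telnet-fail src=198.51.100.20 user=alice pass=typo1
2016-10-03T12:00:07 telnet-fail src=203.0.113.7 user=support pass=support
2016-10-03T12:00:09 telnet-fail src=203.0.113.7 user=user pass=user
2016-10-03T12:30:00 telnet-fail src=192.0.2.50 user=root pass=a
2016-10-03T14:30:00 telnet-fail src=192.0.2.50 user=root pass=b
2016-10-03T16:30:00 telnet-fail src=192.0.2.50 user=root pass=c
2016-10-03T18:30:00 telnet-fail src=192.0.2.50 user=root pass=d
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnet-fail src=(?P<src>\S+) user=(?P<user>\S+) pass=(?P<pw>\S*)$"
)

def find_credential_sweeps(log_text, min_distinct=4, window=timedelta(seconds=60)):
    """Map each flagged source to the most distinct (user, password) pairs it
    tried within any one window. Assumes lines are in chronological order."""
    recent = defaultdict(deque)  # src -> (timestamp, credential pair) entries
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not Telnet login failures
        ts = datetime.fromisoformat(m["ts"])
        attempts = recent[m["src"]]
        attempts.append((ts, (m["user"], m["pw"])))
        while ts - attempts[0][0] > window:  # drop attempts older than the window
            attempts.popleft()
        # Repeats of one pair (a mistyped password) count once; a table sweep does not.
        distinct = len({cred for _, cred in attempts})
        if distinct >= min_distinct:
            flagged[m["src"]] = max(flagged.get(m["src"], 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_credential_sweeps(SAMPLE_LOG))
```

Only the source that walks through five different pairs in a few seconds is flagged; the host repeating one mistyped password and the host whose attempts are hours apart are not.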

Bashlight does not encrypt communications back to its controlling server, whereas Mirai does encrypt its communications. Later versions of Mirai also included functionality to remove its rival botnet's code from infected devices and prevent it from reinfecting them. Bashlight holds a network of more than 9,60,000 infected bots, and several of them (nearly 80,000) have been seized by Mirai.

The security company Level 3 identified IP cameras manufactured by Dahua as one of the most commonly compromised devices making up these botnets. It is highly likely that hackers will use devices infected with Mirai and Bashlight for DDoS attacks. As of October 2016, the Bashlight botnet is controlled by around 200 command and control servers, which in turn are managed by a dozen hackers.

 

