
Amnesia Botnet

Posted: April 2, 2019

Cybersecurity researchers believe that the Amnesia Botnet may be related to a previously known botnet that goes under the name ‘Tsunami.’ However, the new version appears to employ a broad range of new techniques that allow it to evade virtualized environments, making it more difficult for malware researchers to capture this campaign and analyze it automatically. Evasion techniques like this are commonly employed by malware families, but the Amnesia Botnet is one of the rare pieces of malware that targets Linux devices exclusively and still employs virtual machine evasion features.

This particular botnet primarily targets Internet-of-Things (IoT) devices – in this case, its prime targets are several models of a popular Digital Video Recorder (DVR). These DVR models are affected by a critical vulnerability that was discovered in 2016, but over 227,000 devices are still running an outdated firmware version and remain open to the Amnesia Botnet’s attack. It seems that the manufacturer of the vulnerable DVR models has not bothered to release a security patch for the vulnerability. According to a report on the Amnesia Botnet’s activity, the countries with the largest number of vulnerable and infected devices are Taiwan, India and the United States.

If the Amnesia Botnet manages to test and infect a device successfully, it may obtain full control over the device’s features. This means that it can transfer files between the compromised system and the attacker’s server, as well as execute remote commands on the infiltrated DVR. This would allow the attackers to launch large-scale DDoS (Distributed-Denial-of-Service) attacks like the ones linked to the Mirai Botnet’s activity.

The Amnesia Botnet’s virtual machine evasion techniques are meant to make life difficult for malware researchers. If the threat detects a simulated environment, it may use a series of Linux shell commands to delete itself immediately, and it may also attempt to wipe out vital Linux directories, which can leave the operating system impaired.
