
Silex

Posted: June 28, 2019

Silex is a Trojan that wipes software on IoT devices and Linux servers, rendering them inoperable. Affected devices require a complete reinstallation of their firmware, and backups are the only data-recovery option for the contents of servers. Users can protect themselves by avoiding factory-default or commonplace login credentials and by keeping anti-malware protection available for deleting Silex, should it make its way to their PCs incidentally.

The Malice of a Teenager's Digital Eraser

Trojans that concern themselves with IoT devices usually travel with the intention of espionage or of making money by building a widespread botnet, like Echobot or the DDoSing Gafgyt. A teenager going by the alias 'Light Leafon' is sending out an IoT-compromising Trojan with very different ideas, however. Silex, unlike most of its fellows, wants nothing more than the destruction of the device it infects, for reasons unknown.

There are two versions of Silex so far: a build that compromises ARM-architecture devices, and a variant that runs on Linux and other Unix-based systems, such as Web server machines. Both spread the same way, by 'guessing' credentials and opportunistically infecting targets that have factory-default or weak, guessable logins. This makes Silex a global threat to all inadequately-secured servers and IoT devices, and infections were spiking into the tens of thousands as of June 25th, 2019.

Malware researchers confirm that Silex's payload is highly unusual in its destructiveness and its lack of any for-profit or monitoring motive. It uses multiple means of destroying data and device operability, including modifying or removing the network configuration settings and firewall policies and wiping file storage, before turning the device off. The attack is comprehensive enough that owners of affected devices can only repair them by resetting the firmware, that is, the permanent, read-only memory software.

The Password that's the One Thing Between You and a 'Bricked' Router

Since the consequences of a Silex infection form a natural track-erasing shield by removing all data, including any evidence of the Trojan's intrusion, many IoT owners may be unable to recognize the attack. Users can, however, protect both devices and relevant servers by keeping away from passwords and usernames that match factory settings or other widely-used strings like 'admin123.' Silex's campaign infects whichever victims present themselves as vulnerable, rather than singling out particular regions or using social engineering techniques like pirated downloads.

Network administrators can give their networks some extra protection by using address filters, kept updated, to block unsafe communications, which can prevent brute-force attempts from the Silex campaign's Iranian IP address. Unix-running servers should also have actively-monitored port settings and should close unnecessarily open Telnet ports.
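As an added example that is not part of the original article, the following Python script applies the advice above to a constructed set of Telnet login records: it flags source addresses that fail many logins within a short window (the credential-guessing pattern the Silex campaign relies on) so they can be fed to an address filter, and notes whether a success followed the burst. The log layout, hostnames and IP addresses are constructed for illustration; real telnetd/PAM output differs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a generic syslog-like layout (not real Silex
# traffic); real telnetd/PAM output differs, so adapt LINE_RE to your own logs.
SAMPLE_LOG = """\
2019-06-25T10:00:01 router telnetd[412]: login failed for 'admin' from 203.0.113.7
2019-06-25T10:00:02 router telnetd[412]: login failed for 'root' from 203.0.113.7
2019-06-25T10:00:03 router telnetd[412]: login failed for 'admin' from 203.0.113.7
2019-06-25T10:00:04 router telnetd[412]: login failed for 'user' from 203.0.113.7
2019-06-25T10:00:05 router telnetd[412]: login failed for 'admin' from 203.0.113.7
2019-06-25T10:00:06 router telnetd[412]: login succeeded for 'admin' from 203.0.113.7
2019-06-25T10:03:00 router telnetd[413]: login failed for 'alice' from 198.51.100.2
2019-06-25T11:40:00 router telnetd[414]: login failed for 'alice' from 198.51.100.2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ telnetd\[\d+\]: login (?P<result>failed|succeeded) "
    r"for '(?P<user>[^']*)' from (?P<ip>\d+\.\d+\.\d+\.\d+)$"
)

def parse(log_text):
    """Yield (timestamp, result, user, ip) for every line matching LINE_RE."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: details} for sources with >= threshold failures inside one window.
    A success after the burst is noted: that is what a guessed credential looks like."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, result, user, ip in parse(log_text):
        (failures if result == "failed" else successes)[ip].append((ts, user))
    hits = {}
    for ip, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            if len(burst) >= threshold:
                hits[ip] = {
                    "failures": len(burst),
                    "users_tried": sorted({u for _, u in burst}),
                    "success_after_burst": any(t > burst[-1][0] for t, _ in successes[ip]),
                }
                break  # one verdict per source; a block-list needs nothing more
    return hits
```

The single slow-failing address (198.51.100.2) is left alone, while the burst from 203.0.113.7 is reported with the usernames tried and the fact that a login succeeded right after it, which is the signal to treat the device as compromised rather than merely probed.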

Silex is a newly-identified threat, and users should update all security software so that it can identify infections accurately. Although no variants of the Trojan are known on, for example, Windows or Mac computers, if such a build does appear, users should uninstall Silex with dedicated anti-malware solutions.

If Silex is a joke, it's not a very good one. On the flip side, if it's for profit, the means of making money remains a mystery to everyone but Light Leafon.
