Mirai DDoS malware variant expands targets with 13 router exploits

A Mirai-based DDoS malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others.
IZ1H9 compromises devices to enlist them in its DDoS swarm and then launches DDoS attacks on specified targets, presumably at the behest of clients renting its firepower.
The more devices and vulnerabilities a DDoS malware targets, the greater its potential to build a large and powerful botnet capable of delivering massive blows against websites.
Finally, the script modifies the device's iptables rules to obstruct connections on specific ports and make it harder to remove the malware from the device.