The Russian security company "Dr. Web" has just discovered a new piece of
Linux malware called "Linux.MulDrop.14". According to this security company,
the malicious software was first detected in the second half of May of this
year, hidden in a script that downloaded a compressed and encrypted file,
which has made its detection, study and identification difficult until now.
As those responsible at this security company explain, this malware has a
specific target: the Raspberry Pi. Linux.MulDrop.14 works similarly to any other
worm, such as Mirai: it uses already-infected devices to search the network for
any other badly configured Raspberry Pi that has the SSH port enabled and still
uses the default credentials (pi/raspberry), and connects to it remotely to
infect it.
As soon as it reaches the victim device, this malware terminates several
essential processes of the operating system and also installs a series of
libraries for its own use, such as ZMap (to search for new victims via the
Internet) and sshpass, in addition to its own Bitcoin mining software, among
others.
Once this malware is installed on a device, the first thing it does is change
the password of the user "pi" to a more complex one (which we give below, in
case you need it) to prevent the owner of the device from connecting to it
again. Having done all this, the malware starts its mining software and begins
mining this cryptocurrency.
How to protect ourselves from the Linux.MulDrop.14 malware that infects the Raspberry Pi
As we have said, this malware searches for victims via the Internet and connects
to them over the SSH protocol using the default credentials: user "pi" and
password "raspberry". Therefore, the best and easiest way to protect ourselves
from this malware is simply to change the default password so that the malware
cannot connect to our device.
If the device has been infected by this malware, the SSH access password needed
to connect to it again and, for example, to disinfect it is:
\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1
However, security experts are confident that this malware is still in beta, and
that it could soon include a greater variety of users and passwords
(dictionary-based, and even brute force).
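An added example, not part of the original article or of Dr. Web's material: a shell check that classifies the "pi" entry of a shadow-format file as still using the default password "raspberry", as matching the value the article lists for infected devices, or as changed. It assumes that the listed value is the shadow entry the malware sets (it has the `$6$salt$digest` shape of a SHA-512 crypt hash) and that `openssl passwd` is available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the article: classify the "pi" entry of a
# shadow-format file into the states the article describes.

# Value the article lists for infected devices, shell escapes removed.
# Assumption: it is the shadow entry the malware sets for "pi".
MULDROP_HASH='$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1'

# audit_pi FILE prints one of:
#   no-pi-user | locked | muldrop-hash | default-password | changed | unchecked
audit_pi() {
    grep -q '^pi:' "$1" || { echo no-pi-user; return 0; }
    field=$(awk -F: '$1 == "pi" { print $2; exit }' "$1")
    case "$field" in
        '!'*|'*'*) echo locked; return 0 ;;   # password login disabled
    esac
    if [ "$field" = "$MULDROP_HASH" ]; then
        echo muldrop-hash; return 0
    fi
    # A crypt entry is $id$salt$digest; the field before the first $ is empty.
    id=$(printf '%s' "$field" | cut -d'$' -f2)
    salt=$(printf '%s' "$field" | cut -d'$' -f3)
    case "$id" in
        1|5|6) ;;                              # schemes "openssl passwd" computes
        *) echo unchecked; return 0 ;;
    esac
    case "$salt" in
        ''|rounds=*) echo unchecked; return 0 ;;  # custom round counts not handled
    esac
    # Re-hash the default password with the stored salt and compare.
    candidate=$(openssl passwd "-$id" -salt "$salt" raspberry 2>/dev/null) \
        || { echo unchecked; return 0; }
    if [ "$candidate" = "$field" ]; then
        echo default-password
    else
        echo changed
    fi
}

# dropped_tools prints which of the tools the article says the malware installs
# are on PATH. Both are legitimate packages, so a hit is a hint, not proof.
dropped_tools() {
    for t in zmap sshpass; do
        if command -v "$t" >/dev/null 2>&1; then echo "$t"; fi
    done
    return 0
}

# On the device, as root:  audit_pi /etc/shadow; dropped_tools
```

A result of `unchecked` means the entry uses a scheme or round count this check does not recompute, so it says nothing either way about the password.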
According to several studies, the Mirai botnet has about 2.5 million bots
controlled by hackers; however, because of their limited power (security
cameras, DVRs, routers and other IoT devices), if this botnet were dedicated
(as it tried) to mining Bitcoin, the 2.5 million devices working at once would
earn only 0.25 dollars a day.