
Amnesia malware forms DVR botnet and wipes virtual machines

12 Apr 2017

Palo Alto Networks’ Unit 42 researchers have discovered a brand new variant of the “Tsunami” IoT and Linux botnet, dubbed “Amnesia”.

The new variant targets an unpatched remote code execution vulnerability in DVR devices made by TVT Digital and branded by more than 70 vendors worldwide.

That remote code execution vulnerability was made public more than a year ago, but seems to have never been patched. Amnesia can scan, find and attack vulnerable systems, eventually gaining full control of the device.

Around 227,000 devices worldwide have been exposed. In Asia Pacific, Unit 42 researchers say Taiwan, India and Malaysia are the most vulnerable.

Researchers believe the Amnesia malware is the first Linux malware to use virtual machine evasion techniques to defeat sandboxes.

The malware is able to detect if it is running on a VMware, VirtualBox or QEMU virtual machine. If it detects one, it will wipe the virtualised Linux system by deleting all files on the file system.

Researchers believe the malware’s author was deliberately trying to ‘cause trouble’ for security researchers by inserting a hard-coded but useless string, ‘fxxkwhitehats’, in the code.

The researchers say Amnesia hasn’t yet been used to conduct large scale attacks, but the Mirai botnet attacks show the potential for major damage to be done.

Researchers say that Amnesia presents key trends when it comes to IoT and Linux botnet threats, most notably that they can evade and wipe virtual machines.

In addition, IoT devices are inherently prone to remote code execution vulnerabilities, particularly those that are produced by smaller manufacturers and have no patches on the market.

The Amnesia malware also relies on hard-coded C2 addresses. Blocking these addresses could prevent another large-scale attack such as Mirai.

IoT/Linux malware targets and attacks known remote code execution vulnerabilities in IoT devices.
