A few months back, in 2016, Mirai was spotted as a Linux virus, and research on it confirmed that it is a major threat to Internet of Things (IoT) technology. Cyber-criminals can use it to enslave IoT devices and later use them as bots in DDoS attacks. After a successful attack, it deletes its traces from the device. The Mirai botnet has taken down large, highly reputed websites including Amazon, Spotify, Soundcloud and so on. On a global scale, millions of devices are infected by one version or another of Mirai. Recently, a Russia-based security expert discovered its Windows version, named Trojan.Mirai.1. It can infect a Windows-based PC and search the user's networks. Vulnerable Linux-based IoT devices connected to the infected Windows PC are easily detected, and Trojan.Mirai.1 thus uses the Windows PC to force those IoT devices into the Mirai botnet.
How Does Trojan.Mirai.1 Work
As soon as Trojan.Mirai.1 was detected, research on it began. Once it gets inside the compromised PC, it waits to connect to the control servers in order to download a configuration file, from which it extracts a list of IP addresses. Next, the virus scans the network nodes listed in the configuration file and tries to log in to them using the logins and passwords present in the same file. It can check multiple TCP ports simultaneously. After connecting to a node, Trojan.Mirai.1 executes commands. When it connects to a suspected Linux device over the Telnet protocol, the malware executes a binary file which downloads the Linux.Mirai malware.
Trojan.Mirai.1 is based on inter-process communication. It works silently and carries out all its malicious activities in the background. The threat could be more severe than you imagine because it can use an existing MS SQL server to create a new user named Mssqla and assign it administrative privileges. This Trojan can execute multiple malicious commands simultaneously. Rebooting the device, or similar measures, will not remove the malware present on it. For your own security, it is recommended to change the default passwords of your devices.
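
The Mssqla account described above can be checked for directly on a SQL Server instance. The following T-SQL audit is an added example, not part of the original article or of any vendor tooling; it uses the standard catalog views, and the 30-day lookback window is an assumption to adjust for your environment.

```sql
-- Added example: audit SQL Server logins for the account named in this article.
-- Run as a sysadmin so that every login is visible in the catalog views.
DECLARE @lookback_days int = 30;  -- assumption: review window for new admin logins

SELECT
    p.name         AS login_name,
    p.type_desc    AS login_type,
    p.create_date,
    p.modify_date,
    p.is_disabled,
    CASE WHEN sa.member_principal_id IS NOT NULL THEN 1 ELSE 0 END AS is_sysadmin,
    CASE
        WHEN p.name = N'Mssqla'
            THEN 'login name matches the Trojan.Mirai.1 description'
        ELSE 'sysadmin login created inside the review window'
    END            AS reason
FROM sys.server_principals AS p
LEFT JOIN (
    -- every principal that is a member of the fixed server role sysadmin
    SELECT rm.member_principal_id
    FROM sys.server_role_members AS rm
    JOIN sys.server_principals  AS r
        ON r.principal_id = rm.role_principal_id
    WHERE r.name = N'sysadmin'
) AS sa
    ON sa.member_principal_id = p.principal_id
WHERE p.type IN ('S', 'U', 'G')   -- SQL logins, Windows logins, Windows groups
  AND (
        p.name = N'Mssqla'        -- exact name from the article
     OR (sa.member_principal_id IS NOT NULL
         AND p.create_date >= DATEADD(DAY, -@lookback_days, SYSDATETIME()))
      )
ORDER BY p.create_date DESC;

-- Containment once a rogue login is confirmed (left commented out on purpose):
-- ALTER LOGIN [Mssqla] DISABLE;
```

An empty result means no login named Mssqla exists and no sysadmin login was created in the window; any row returned should be matched against change records before the login is disabled or dropped.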