2015-10-02
Rise of telnet attempts, maybe due to Linux.Wifatch?
I noticed a sharp rise in the firewall log entries for telnet attempts:

    dmesg | grep -c 'DPT=23 '
    176

From all over the world. I was wondering until I read "Is there an Internet-of-Things vigilante out there?" - Symantec official blog. From the article:

"During our analysis we began to unveil some of Wifatch’s secrets. Most of Wifatch’s code is written in the Perl programming language and it targets several architectures and ships its own static Perl interpreter for each of them. Once a device is infected with the Wifatch, it connects to a peer-to-peer network that is used to distribute threat updates. The further we dug into Wifatch’s code the more we had the feeling that there was something unusual about this threat. For all intents and purposes it appeared like the author was trying to secure infected devices instead of using them for malicious activities."

Entering some of the 'attacking' IP addresses into shodan.io gives me a report they are running vulnerable router software such as 'Allegro RomPager'.
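A per-source breakdown of the same kind of log entries, as an added example that is not part of the original post: it counts only TCP SYNs to port 23 and reports how many distinct addresses sent them. The function names and the sample log lines (documentation address ranges) are constructed for illustration, and the standard netfilter LOG line format is assumed.

```shell
#!/bin/sh
# Added example: who is behind the DPT=23 hits in netfilter LOG output?
# Assumes the usual LOG layout: ... SRC=<ip> ... PROTO=TCP ... DPT=23 ... SYN ...

# Read log lines on stdin; print "<count> <source-ip>", busiest source first.
# Only TCP SYNs to port 23 are counted, so UDP noise and DPT=2323 are ignored.
telnet_sources() {
    awk '
        / PROTO=TCP / && / DPT=23( |$)/ && / SYN( |$)/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) hits[substr($i, 5)]++
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Read log lines on stdin; print total attempts and number of distinct sources.
telnet_summary() {
    telnet_sources | awk '
        { total += $1; n++ }
        END { printf "%d attempts from %d sources\n", total, n }
    '
}

# Constructed sample input (not real traffic), in dmesg style.
sample_log() {
cat <<'EOF'
[ 1001.10] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=50 ID=1 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
[ 1002.20] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=48 ID=2 DF PROTO=TCP SPT=40002 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
[ 1003.30] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=50 ID=3 DF PROTO=TCP SPT=40003 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
[ 1004.40] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.99 DST=203.0.113.5 LEN=60 TTL=52 ID=4 DF PROTO=TCP SPT=40004 DPT=2323 WINDOW=5840 RES=0x00 SYN URGP=0
[ 1005.50] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=50 ID=5 DF PROTO=TCP SPT=40005 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
[ 1006.60] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.20 DST=203.0.113.5 LEN=40 TTL=47 ID=6 PROTO=UDP SPT=5000 DPT=23 LEN=20
[ 1007.70] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=48 ID=7 DF PROTO=TCP SPT=40007 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Demo on the sample; on a live host pipe `dmesg` (or the firewall log) in instead.
sample_log | telnet_sources
sample_log | telnet_summary
```

The kernel ring buffer that `dmesg` reads is a fixed size, so counts taken from it cover only the most recent entries; a persistent firewall log gives a steadier baseline for spotting a rise.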