Rise of telnet attempts, maybe due to Linux.Wifatch? / 2015-10-02

I noticed a sharp rise in the firewall log entries for telnet attempts:
dmesg | grep -c 'DPT=23 '
From all over the world. I was wondering until I read "Is there an Internet-of-Things vigilante out there?" - Symantec official blog.

From the article:
During our analysis we began to unveil some of Wifatch’s secrets. Most of Wifatch’s code is written in the Perl programming language and it targets several architectures and ships its own static Perl interpreter for each of them. Once a device is infected with the Wifatch, it connects to a peer-to-peer network that is used to distribute threat updates.

The further we dug into Wifatch’s code the more we had the feeling that there was something unusual about this threat. For all intents and purposes it appeared like the author was trying to secure infected devices instead of using them for malicious activities.
Entering some of the 'attacking' IP addresses into shodan.io gives me a report that they are running vulnerable router software such as 'Allegro RomPager'.
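Going one step beyond the plain `grep -c` count, this added example (not part of the original post) breaks the telnet log entries down by source address, which shows how widely the attempts are spread. The log lines are constructed in iptables LOG format with documentation addresses, and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of iptables LOG lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
[1001.10] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=48 PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 SYN
[1002.20] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TTL=51 PROTO=TCP SPT=51820 DPT=23 WINDOW=5840 SYN
[1003.30] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=48 PROTO=TCP SPT=40113 DPT=23 WINDOW=5840 SYN
[1004.40] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.99 DST=203.0.113.5 LEN=60 TTL=44 PROTO=TCP SPT=33001 DPT=2323 WINDOW=5840 SYN
[1005.50] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.44 DST=203.0.113.5 LEN=40 TTL=50 PROTO=UDP SPT=5353 DPT=23 LEN=20
[1006.60] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=48 PROTO=TCP SPT=40114 DPT=22 WINDOW=5840 SYN
[1007.70] IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.20 DST=203.0.113.5 LEN=60 TTL=47 PROTO=TCP SPT=60022 DPT=23 WINDOW=5840 SYN
EOF
}

# Read firewall log lines on stdin and print "count source" for TCP packets
# to port 23, busiest source first. The spaces around the patterns keep
# DPT=2323 and UDP packets to port 23 out of the tally.
telnet_sources() {
    awk '
        / PROTO=TCP / && / DPT=23 / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) hits[substr($i, 5)]++
        }
        END { for (s in hits) print hits[s], s }
    ' | sort -k1,1nr -k2,2
}

# One-line summary: total telnet attempts and number of distinct sources.
telnet_summary() {
    telnet_sources | awk '
        { total += $1; n++ }
        END { printf "%d attempts from %d sources\n", total, n }
    '
}

# Demo on the constructed sample; on a live system use: dmesg | telnet_sources
sample_log | telnet_sources
sample_log | telnet_summary
```

A tally where most sources appear only once or twice points to distributed scanning rather than a single noisy host.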
