Rise of telnet attempts, maybe due to Linux.Wifatch? / 2015-10-02

2015-10-02 Rise of telnet attempts, maybe due to Linux.Wifatch? 4 years ago
I noticed a sharp rise in the firewall log entries for telnet attempts:
dmesg | grep -c 'DPT=23 '
From all over the world. I was wondering until I read Is there an Internet-of-Things vigilante out there? - Symantec official blog.

From the article:
During our analysis we began to unveil some of Wifatch’s secrets. Most of Wifatch’s code is written in the Perl programming language and it targets several architectures and ships its own static Perl interpreter for each of them. Once a device is infected with the Wifatch, it connects to a peer-to-peer network that is used to distribute threat updates.

The further we dug into Wifatch’s code the more we had the feeling that there was something unusual about this threat. For all intents and purposes it appeared like the author was trying to secure infected devices instead of using them for malicious activities.
Entering some of the 'attacking' IP addresses into shodan.io gives me a report they are running vulnerable routersoftware such as 'Allegro RomPager'.

Tags: , ,

, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated in 0.004794 seconds.