Entry | BASHLITE |
Definition |
Author: Lizard Squad | Programming language: C | Operating system: Linux | Genre: Botnet

BASHLITE (also known as Gafgyt, Lizkebab, Qbot, Torlus and LizardStresser) is malware which infects Linux systems in order to launch distributed denial-of-service (DDoS) attacks.[1] Originally it was also known under the name Bashdoor,[2] but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.[3]

The original version in 2014 exploited a flaw in the bash shell, the Shellshock software bug, to compromise devices running BusyBox.[4][5][6][7] A few months later a variant was detected that could also infect other vulnerable devices in the local network.[8] In 2015 its source code was leaked, causing a proliferation of different variants,[9] and by 2016 it was reported that one million devices had been infected.[10][11][12][13]

Of the identifiable devices participating in these botnets in August 2016, almost 96 percent were IoT devices (of which 95 percent were cameras and DVRs), roughly 4 percent were home routers, and less than 1 percent were compromised Linux servers.[9]

Design

BASHLITE is written in C and designed to cross-compile easily to various computer architectures.[9]

Exact capabilities differ between variants, but the most common features[9] generate several different types of DDoS attacks: it can hold open TCP connections, send a random string of junk characters to a TCP or a UDP port, or repeatedly send TCP packets with specified flags. Variants may also have a mechanism to run arbitrary shell commands on the infected machine. There are no facilities for reflected or amplification attacks.

BASHLITE uses a client–server model for command and control. The protocol used for communication is essentially a lightweight version of Internet Relay Chat (IRC).[14] Even though it supports multiple command and control servers, most variants have only a single command and control IP address hardcoded.

It propagates via brute forcing, using a built-in dictionary of common usernames and passwords. The malware connects to random IP addresses and attempts to log in, with successful logins reported back to the command and control server.
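
The propagation behaviour described above, an infected device connecting to many addresses and attempting logins, shows up in flow data as a login-port fan-out. The following is an added example, not part of the original article or of any vendor's tooling: it flags internal hosts that reach many distinct destinations on login-service ports within one time window. The flow-record layout, the internal range, the port set and both thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions, not taken from the article: tune these for the monitored network.
INTERNAL = ip_network("10.0.0.0/8")   # address space of monitored devices
LOGIN_PORTS = {22, 23}                # services where logins are attempted
WINDOW_S = 60                         # size of one counting window, in seconds
MIN_DISTINCT_DSTS = 20                # fan-out that counts as a sweep


def sample_flows():
    """Constructed flow records in the form 'epoch src dst dport'."""
    rows = []
    for i in range(40):   # camera sweeping unrelated addresses on 23/tcp
        rows.append(f"{1020 + i} 10.0.5.20 198.18.{i}.{i * 5 + 1} 23")
    for i in range(60):   # admin workstation reusing three SSH servers
        rows.append(f"{1020 + i} 10.0.1.7 10.0.9.{i % 3 + 1} 22")
    for i in range(30):   # web client: many destinations, but not a login port
        rows.append(f"{1020 + i} 10.0.1.8 192.0.2.{i + 1} 443")
    return rows


def parse(rows):
    """Yield (timestamp, source, destination, destination port) per record."""
    for row in rows:
        ts, src, dst, dport = row.split()
        yield int(ts), ip_address(src), ip_address(dst), int(dport)


def find_login_sweepers(rows):
    """Return {source: largest number of distinct login-port destinations
    seen in one window} for internal hosts at or above the threshold."""
    buckets = defaultdict(set)   # (source, window index) -> destinations
    for ts, src, dst, dport in parse(rows):
        if src in INTERNAL and dport in LOGIN_PORTS:
            buckets[(src, ts // WINDOW_S)].add(dst)
    worst = {}
    for (src, _window), seen in buckets.items():
        if len(seen) >= MIN_DISTINCT_DSTS:
            worst[str(src)] = max(worst.get(str(src), 0), len(seen))
    return worst


if __name__ == "__main__":
    for host, fanout in find_login_sweepers(sample_flows()).items():
        print(f"{host}: {fanout} distinct login-port destinations in {WINDOW_S}s")
```

Counting distinct destinations per window, rather than total connections, keeps an administrator who logs in to the same few servers repeatedly below the threshold.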

References

1. Cimpanu, Catalin (30 August 2016). "There's a 120,000-Strong IoT DDoS Botnet Lurking Around". Softpedia. http://news.Softpedia.com/news/there-s-a-120-000-strong-iot-ddos-botnet-lurking-around-507773.shtml (accessed 19 October 2016).
2. Tung, Liam (25 September 2014). "First attacks using shellshock Bash bug discovered". ZDNet. http://www.zdnet.com/article/first-attacks-using-shellshock-bash-bug-discovered/ (accessed 25 September 2014).
3. Ashford, Warwick (30 June 2016). "LizardStresser IoT botnet launches 400Gbps DDoS attack". Computer Weekly. http://www.computerweekly.com/news/450299445/LizardStresser-IoT-botnet-launches-400Gbps-DDoS-attack (accessed 21 October 2016).
4. Kovacs, Eduard (14 November 2014). "BASHLITE Malware Uses ShellShock to Hijack Devices Running BusyBox". SecurityWeek.com. http://www.securityweek.com/bashlite-malware-uses-shellshock-hijack-devices-running-busybox (accessed 21 October 2016).
5. Khandelwal, Swati (17 November 2014). "BASHLITE Malware leverages ShellShock Bug to Hijack Devices Running BusyBox". The Hacker News. http://thehackernews.com/2014/11/bashlite-malware-leverages-shellshock.html (accessed 21 October 2016).
6. Paganini, Pierluigi (16 November 2014). "A new BASHLITE variant infects devices running BusyBox". Security Affairs. http://securityaffairs.co/wordpress/30225/cyber-crime/bashlite-exploits-shellshock.html (accessed 21 October 2016).
7. "Bash Vulnerability (Shellshock) Exploit Emerges in the Wild, Leads to BASHLITE Malware" (25 September 2014). Trend Micro. http://blog.trendmicro.com/trendlabs-security-intelligence/bash-vulnerability-shellshock-exploit-emerges-in-the-wild-leads-to-flooder/ (accessed 19 March 2017).
8. Inocencio, Rhena (13 November 2014). "BASHLITE Affects Devices Running on BusyBox". Trend Micro. http://blog.trendmicro.com/trendlabs-security-intelligence/bashlite-affects-devices-running-on-busybox/ (accessed 21 October 2016).
9. "Attack of Things!" (25 August 2016). Level 3 Threat Research Labs. http://blog.level3.com/security/attack-of-things/ (accessed 6 November 2016).
10. "BASHLITE malware turning millions of Linux Based IoT Devices into DDoS botnet" (4 September 2016). Full Circle. http://fullcirclemagazine.org/2016/09/04/bashlite-malware-turning-millions-of-linux-based-iot-devices-into-ddos-botnet/ (accessed 21 October 2016).
11. Masters, Greg (31 August 2016). "Millions of IoT devices enlisted into DDoS bots with Bashlite malware". SC Magazine. http://www.scmagazine.com/millions-of-iot-devices-enlisted-into-ddos-bots-with-bashlite-malware/article/519741/ (accessed 21 October 2016).
12. Spring, Tom (30 August 2016). "BASHLITE Family of Malware Infects 1 Million IoT Devices". Threatpost.com. https://threatpost.com/bashlite-family-of-malware-infects-1-million-iot-devices/120230/ (accessed 21 October 2016).
13. Kovacs, Eduard (31 August 2016). "BASHLITE Botnets Ensnare 1 Million IoT Devices". Security Week. http://www.securityweek.com/bashlite-botnets-ensnare-1-million-iot-devices (accessed 21 October 2016).
14. Bing, Matthew (29 June 2016). "The Lizard Brain of LizardStresser". Arbor Networks. https://www.arbornetworks.com/blog/asert/lizard-brain-lizardstresser/ (accessed 6 November 2016).

Categories: Denial-of-service attacks | Botnets | IoT malware | Linux malware |