3. Massive Mirai Botnet Hides Its Control Servers on Tor
Title: Massive Mirai Botnet Hides Its Control Servers On Tor
Author information: Saturday December 17, 2016 06:34PM By the catch-me-if-you-can dept (a bold screen name: "catch me if you can")
//BEGIN
"Following a failed takedown attempt, changes made to the Mirai malware variant responsible for building one of today's biggest botnets of IoT devices will make it incredibly harder for authorities and security firms to shut it down," reports Bleeping Computer. An anonymous reader writes:
"Level3 and others" have been very close to taking down one of the biggest Mirai botnets around, the same one that attempted to knock the Internet offline in Liberia, and also hijacked 900,000 routers from German ISP Deutsche Telekom. The botnet narrowly escaped due to the fact that its maintainer, a hacker known as BestBuy, had implemented a domain-generation algorithm to generate random domain names where he hosted his servers.
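The operator of the Mirai botnet that was nearly shut down used a DGA to randomly generate domain names, which makes it hard to locate the domains hosting its servers. This Mirai botnet's track record needs no further publicity here.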
//END
Currently, to avoid further takedown attempts from similar security firms, BestBuy has started moving the botnet's command and control servers to Tor. "It's all good now. We don't need to pay thousands to ISPs and hosting. All we need is one strong server," the hacker said. "Try to shut down .onion 'domains' over Tor," he boasted, knowing that nobody can.
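Now, to further evade pursuit by security companies and law enforcement, the operator of the Mirai botnet plans to move its C&C servers onto the Tor anonymity network. That will make it even harder to shut down.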
Commentary: Some have already written that Mirai is dead, but as things stand it will keep struggling for quite a while yet.