Mozi, the threat that combines three malware families
A group of security researchers from CenturyLink has detected a new threat called Mozi. It combines three previously known malware families that directly attack Internet of Things (IoT) devices.
Mozi-infected devices form a botnet that can be used to carry out DDoS attacks, collect data and steal information. CenturyLink does not know whether the botnet has actually been used for any of these purposes.
Mozi contains source code from Gafgyt, Mirai and IoT Reaper, malware families that have targeted IoT devices. As with these older IoT malware strains, Mozi primarily targets home routers and devices that are not properly patched or that have weak or default passwords.
The main difference from previous threats is that they relied on a centralized command and control infrastructure, whereas Mozi-infected devices join together to form a P2P botnet.
This brings an important change: the Mozi botnet is more difficult to eliminate in its entirety. That is the view of Michael Benjamin, a member of CenturyLink. When the command and control function of a botnet is centralized on a single server, or even a handful of them, the botnet can be disabled by targeting those servers.
This is more complicated with a P2P botnet, because there is no single point whose removal takes down the entire botnet. Mozi is a major threat to businesses due to its resilience and the large number of devices it can infect.
CenturyLink discovered Mozi months ago
CenturyLink discovered the Mozi threat in December. From the beginning the researchers saw that it had a link with IoT Reaper. Later, on seeing that they shared code, they also linked it with a variant of Mirai and Gafgyt.
Mozi grew to more than 2,200 nodes in February. From there the figure began to decrease gradually. CenturyLink estimates that in the last four months the malware has compromised around 15,850 IoT devices. This has affected several countries.
Experts indicate that this botnet is not large enough to carry out DDoS attacks but is large enough to be a concern.
DDoS attacks are very common on the internet. They can compromise the security and reliability of devices.