New Destructive Malware Intentionally Bricks IoT Devices (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

New Destructive Malware Intentionally Bricks IoT Devices (bleepingcomputer.com)

Posted by BeauHD on Thursday April 6, 2017 @10:40AM from the vigilante-justice dept.

An anonymous reader writes: "A new malware strain called BrickerBot is intentionally bricking Internet of Things (IoT) devices around the world by corrupting their flash storage capability and reconfiguring kernel parameters. The malware spreads by launching brute-force attacks on IoT (BusyBox-based) devices with open Telnet ports. After BrickerBot attacks, device owners often have to reinstall the device's firmware, or in some cases, replace the device entirely. Attacks started on March 20, and two versions have been seen. One malware strain launches attacks from hijacked Ubiquiti devices, while the second, more advanced, is hidden behind Tor exit nodes. Several security researchers believe this is the work of an internet vigilante fed up with the amount of insecure IoT devices connected to the internet and used for DDoS attacks. "Wow. That's pretty nasty," said Cybereason security researcher Amit Serper after Bleeping Computer showed him Radware's security alert. "They're just bricking it for the sake of bricking it. [They're] deliberately destroying the device."

8 of 163 comments (clear)

Min score:

Reason:

Sort:

I commend the effort... by Anonymous Coward · 2017-04-06 10:43 · Score: 5, Insightful

carry on.
Sledgehammer approach. by mlheur · 2017-04-06 10:44 · Score: 5, Informative

Despite how malicious this is, I'm oddly OK with it.
1. Re:Sledgehammer approach. by rgmoore · 2017-04-06 12:23 · Score: 5, Insightful
  
  I can break into your house because it's not secure enough. Is that OK too?
  If the house has already been taken over by a criminal gang, it's a different matter. That's a better analogy with a lot of these insecure IoT devices. They aren't just sitting there innocently; if they're vulnerable to being shut down by this malware, they're also vulnerable to being taken over by botnets. This is not just a theoretical worry; some of the big recent DDOS attacks have been by IoT device botnets.
  
  --
  There's no point in questioning authority if you aren't going to listen to the answers.
Crowdfund? by Anonymous Coward · 2017-04-06 10:47 · Score: 5, Funny

Where is the kickstarter or indiegogo page for this project? I can't find it.
Was already broken by bhetrick · 2017-04-06 11:20 · Score: 5, Insightful

These devices were already broken. Now they are non-functional as well.
Re:We knew it was coming... by Zaelath · 2017-04-06 11:24 · Score: 5, Insightful

Better than the two women that got killed because their insecure garage door opener let the maniac in.
And so.. by ACE209 · 2017-04-06 12:39 · Score: 5, Insightful

..the Internet developed antibodies.

--
"we are all atheists about most of the gods that societies have ever believed in. Some of us just go one god further."
Carry on... by monkeyzoo · 2017-04-06 13:31 · Score: 5, Interesting

... for the greater good:
1) protect individuals and society from the harms of shoddy IOT devices.
2) punish the companies producing them and create economic imperatives to design in security.