BrickerBot malware renders iot devices virtually useless

Security firm Radware has discovered a new malware variant, which it has named BrickerBot. The malicious software infects Internet-of-things devices and renders them virtually unusable.

These are so-called pdos attacks, which stands for ‘permanent denial of service’, according to the company. This form of attack is also known as phlashing. For example, in the case of BrickerBot, the malware executes several fdisk commands that lead to a file system corruption by writing random bits, then disconnects from the Internet and reduces the number of kernel threads to 1. This makes the infected system slow and difficult to use.

BrickerBot is distributed in the same way as the Mirai malware, namely by brute force telnet access. According to Radware, two botnets are active that are spreading the malware. The first, called BrickerBot1, showed a lot of activity for a short period of time. The second botnet showed less activity and used traffic coming from Tor exit nodes. Over a period of four days, the Radware honeypots registered a total of 1,895 pdos attempts by BrickerBot1 from a few IP addresses around the world.

The second botnet returned 333 pdos attempts and uses anomalous commands after infection. The malware targets devices that run Linux or BusyBox and have an open telnet port. It is not clear who is responsible for the BrickerBot attacks. In the case of Mirai, infected devices can still be used for DDoS attacks as part of a botnet. BrickerBot, however, does nothing but damage the devices, making the attacks look like a ‘clean-up’. A researcher developed a “benign worm” in October to fight the Mirai botnet.

BrickerBot1 Commands