ifding/iot-malware ifding/iot-malware

  • Stars
    star
    281
  • Rank 146,149 (Top 3 %)
  • Language
    C
  • Created over 7 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ifding/iot-malware
github

ifding

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code

IoT Malware

If you find this repo useful in your research, please consider citing:

@misc{iot-malware-2017,
  author = {Fei Ding},
  title = {IoT Malware},
  year = {2017},
  howpublished = {\url{https://github.com/ifding/iot-malware}}
}

@inproceedings{ding2020deeppower,
  title={DeepPower: Non-intrusive and Deep Learning-based Detection of IoT Malware Using Power Side Channels},
  author={Ding, Fei and Li, Hongda and Luo, Feng and Hu, Hongxin and Cheng, Long and Xiao, Hai and Ge, Rong},
  booktitle={Proceedings of the 15th ACM Asia Conference on Computer and Communications Security},
  pages={33--46},
  year={2020}
}

I'm not the author of any of the code available here. This repository contains malware source code samples leaked online (and found in multiple other sources), I uploaded it to GitHub to simplify the process of those who want to analyze the code.

Any actions and/or activities related to the material contained within this repository is solely your responsability. Misuse of the information in this repository can result in criminal charges being brought against the persons in question. I will not be held responsible in the event any criminal charges are brought against any individuals misuing the code in this repository to break the law.

This repository does not promote any hacking related activity. All the information in this repository is for educational purposes only.

Evolution

The list of IoT botnet malwares discussed below is not complete:

  • Linux/Hydra is the earliest known malware targeting IoT devices. It is an open source botnet framework released in 2008. It was designed for extensibility and features both a spreading mechanism and DDoS functionality.

  • LightAidra/Aidra is a IRC-based mass scanning and exploitation tool support on several architectures, namely MIPS, MIPSSEL, ARM, PPC, x86/86-64 and SuperH. Malware is designed to search open telnet ports that could be accessed using known default credentials. The source code of LightAidra is freely available on the Internet as open source project.

  • Linux.Wifatch is an open-source malware which infects the IoT devices with weak or default credentials. Once infected, it removes other malwares and disables telnet access while logging the message "Telnet has been closed to avoid further infection of theis device. Please disable telnet, change telnet passwords, and/or update the firmware." in the device logs. Wifatch uses peer-to-peer network to update the malware definition and deletes remnants of malware which remain in the IoT devices.

  • BASHLIFE/Lizkebab/Torlus/gafgyt is one of the popular malware which infects Linux based IoT devices to launch DDoS attacks. It was reported that BASHLIFE is responsible for enslaving over 1 million IoT devices, constituting mostly of Internet enabled cameras and DVRs. It is capable of launching attack of up to 400 Gpbs. Most BASHLIFE attacks are simple UDP, TCP floods and HTTP attacks. BASHLIFE infect a IoT device by brute-forcing its telnet access using known default credentials. One interesting aspect of BASHLIFE is that malware payload deployed in IoT devices has the BASHLIFE's C2s IP addresses hard-coded into it and are easier to monitor. Most of the infected devices are located in Taiwan, Brazil and Columbia. The source code of BASHLIFE was partly leaked in early 2015 and has led to many variants. BASHLIFE is considered the predecessor of Mirai and is in direct competition for vulnerable IoT real estate.

  • Mirai is one of the most predominant DDoS IoT botnet in recent times. Mirai means "the future" in Janpanese. Mirai botnet is definitely the next step in IoT DDoS malwares, however not as sophisticated as Remaiten but most effective. Mirai botnet is famous for being used in the record breaking 1.1Tbps DDoS attack with 148000 IoT devices. Mirai targets mostly CCTV cameras, DVRs, and hoem routers. Since the release of the Mirai source code, the number of IoT infected devices has increased from 213000 to 483000 in just two weeks. Mirai generates floods of GRE IP, GRE ETH, SYN and ACK, STOMP, DNS, UDP, or HTTP traffic against a target during a DDoS attack. More recently, Mirai has been found to be enhanced to infect Windows devices, helping hackers hijack even more devices. This enhanced Mirai could also identify and compromise database services like MySQL and Microsoft SQL running on different ports to create new admin "phpminds" with the password "phpgodwith" allowing the hackers to steal the database. The awareness of IoT botnets in recent times attributes to Mirai and the volume of traffic generated during its DDoS attacks.

Disclaimer

This repository is for research purposes only, the use of this code is your responsibility.

I take NO responsibility and/or liability for how you choose to use any of the source code available here. By using any of the files available in this repository, you understand that you are AGREEING TO USE AT YOUR OWN RISK. Once again, ALL files available here are for EDUCATION and/or RESEARCH purposes ONLY.

More Repositories

1

radare2-tutorial

Reverse Engineering using Radare2
C
306
star
2

graph-neural-networks

Graph Neural Networks for Quantum Chemistry
Python
124
star
3

learning-notes

Always Keep Learning
C++
47
star
4

useful-scripts

beautiful and useful scripts
Jupyter Notebook
46
star
5

ml-system-design

Machine Learning System Design
41
star
6

adversarial-examples

Adversarial Examples: Attacks and Defenses for Deep Learning
Jupyter Notebook
31
star
7

seq2seq-pytorch

Sequence to Sequence Models with PyTorch
Jupyter Notebook
27
star
8

deep-learning-python

Deep Learning using Python/C++/OpenCV
Python
18
star
9

iot

IoT device: Hardware & Firmware
C
18
star
10

wavenet-speech-to-text

A PyTorch implementation of speech recognition based on DeepMind's WaveNet
Python
18
star
11

DLKD

Source Code for "Dual-Level Knowledge Distillation via Knowledge Alignment and Correlation", TNNLS, https://ieeexplore.ieee.org/abstract/document/9830618
Python
11
star
12

flex-bison

flex & bison (Lexical Analysis and Parsing)
C++
9
star
13

iot-streaming

IoT Streaming using Flink to connect Kafka and Cassandra, Elastic
Java
8
star
14

uhgr

[MLG 2020] Unsupervised Hierarchical Graph Representation Learning by Mutual Information Maximization (https://arxiv.org/abs/2003.08420)
Python
5
star
15

protein-transformer

Transformer implementation of Protein Secondary Structure Prediction
Python
3
star
16

Infomax-pytorch

This is a simple pytorch implementation of Deep-INFOMAX
Python
3
star
17

async-chat

An asynchronous chat client and server with detailed comments
Rust
2
star
18

pdf_to_txt

Detect tables from images and run OCR on the cells.
Python
2
star
19

hadoopOnGeni

Geni users to create Hadoop and Spark profile on CloudLab
Shell
1
star
20

openwrt-packages

Packages for OpenWRT
C
1
star
21

generative-models

Tensorflow 2.0 implementation of generative models, e.g. VAE, GAN
Python
1
star
22

mini-kv

A mini kv database demo that using simplified Bitcask
Rust
1
star
23

DLS-Clustering

Clustering by Directly Disentangling Latent Space (https://arxiv.org/abs/1911.05210)
Python
1
star
24

ifding.github.io

A mini kv database demo that using simplified Bitcask
Rust
1
star