News has broken of a new malware family called Linnux IRCTenet and is written in C++. The malware is aiming for Linux based IoT devices with the main purpose of adding those devices to a botnet and carrying out DDoS attacks. Mike Ahmadi, Global Director – Critical Systems Security at Synopsys commented below.
Mike Ahmadi, Global Director – Critical Systems Security at Synopsys:
“It is not at all surprising that a new exploit targeting these devices has been discovered, since many of these devices are built using open source third party libraries. When we apply software composition analysis tools to many of the most popular third-party software distributions, we often find known vulnerabilities that number in the hundreds, and sometimes in the thousands when looking at the total software build found on IoT devices. Unless builders of IoT devices incorporate more rigorous vulnerability detection and management practices into their development process, we can expect more of this malware botnet free for all to occur.”