DeepAI AI Chat
Log In Sign Up

Devils in the Clouds: An Evolutionary Study of Telnet Bot Loaders

by   Yuhui Zhu, et al.

One of the innovations brought by Mirai and its derived malware is the adoption of self-contained loaders for infecting IoT devices and recruiting them in botnets. Functionally decoupled from other botnet components and not embedded in the payload, loaders cannot be analysed using conventional approaches that rely on honeypots for capturing samples. Different approaches are necessary for studying the loaders evolution and defining a genealogy. To address the insufficient knowledge about loaders' lineage in existing studies, in this paper, we propose a semantic-aware method to measure, categorize, and compare different loader servers, with the goal of highlighting their evolution, independent from the payload evolution. Leveraging behavior-based metrics, we cluster the discovered loaders and define eight families to determine the genealogy and draw a homology map. Our study shows that the source code of Mirai is evolving and spawning new botnets with new capabilities, both on the client side and the server side. In turn, shedding light on the infection loaders can help the cybersecurity community to improve detection and prevention tools.


page 1

page 2

page 3

page 4


EDIMA: Early Detection of IoT Malware Network Activity Using Machine Learning Techniques

The widespread adoption of Internet of Things has led to many security i...

Testing And Hardening IoT Devices Against the Mirai Botnet

A large majority of cheap Internet of Things (IoT) devices that arrive b...

Lightweight Classification of IoT Malware based on Image Recognition

The Internet of Things (IoT) is an extension of the traditional Internet...

Mining Function Homology of Bot Loaders from Honeypot Logs

Self-contained loaders are widely adopted in botnets for injecting loadi...

Embedded System Evolution in IoT System Development Based on MAPE-K Loop Mechanism

Embedded systems including IoT devices are designed for specialized func...

Analyzing "Not-a-Virus" Bundled Adware: The Wajam Case

Case studies on malicious code mostly focus on botnets and worms (recent...

An Automated and Comprehensive Framework for IoT Botnet Detection and Analysis (IoT-BDA)

The proliferation of insecure Internet-connected devices gave rise to th...