Global InformationBASHLITE information
| Technical name | As BashLite
As Gafgyt
As QBot
As PinkSlip
|
|---|---|
| Aliases | Gafgyt, Lizkebab, PinkSlip, Qbot, Torlus, LizardStresser |
| Type | Botnet |
| Author(s) | Lizard Squad |
| Operating system(s) affected | Linux |
| Written in | C |
BASHLITE (also known as Gafgyt, Lizkebab, PinkSlip, Qbot, Torlus and LizardStresser) is malware which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS).[1] Originally it was also known under the name Bashdoor,[2] but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.[3]
The original version in 2014 exploited a flaw in the bash shell - the Shellshock software bug - to exploit devices running BusyBox.[4][5][6][7] A few months later a variant was detected that could also infect other vulnerable devices in the local network.[8] In 2015 its source code was leaked, causing a proliferation of different variants,[9] and by 2016 it was reported that one million devices have been infected.[10][11][12][13]
Of the identifiable devices participating in these botnets in August 2016 almost 96 percent were IoT devices (of which 95 percent were cameras and DVRs), roughly 4 percent were home routers - and less than 1 percent were compromised Linux servers.[9]
- ^ Cimpanu, Catalin (30 August 2016). "There's a 120,000-Strong IoT DDoS Botnet Lurking Around". Softpedia. Retrieved 19 October 2016.
- ^ Tung, Liam (25 September 2014). "First attacks using shellshock Bash bug discovered". ZDNet. Retrieved 25 September 2014.
- ^ Ashford, Warwick (30 June 2016). "LizardStresser IoT botnet launches 400Gbps DDoS attack". Computer Weekly. Retrieved 21 October 2016.
- ^ Kovacs, Eduard (14 November 2014). "BASHLITE Malware Uses ShellShock to Hijack Devices Running BusyBox". SecurityWeek.com. Retrieved 21 October 2016.
- ^ Khandelwal, Swati (November 17, 2014). "BASHLITE Malware leverages ShellShock Bug to Hijack Devices Running BusyBox". The Hacker News. Retrieved 21 October 2016.
- ^ Paganini, Pierluigi (16 November 2014). "A new BASHLITE variant infects devices running BusyBox". Security Affairs. Retrieved 21 October 2016.
- ^ "Bash Vulnerability (Shellshock) Exploit Emerges in the Wild, Leads to BASHLITE Malware". Trend Micro. 25 September 2014. Retrieved 19 March 2017.
- ^ Inocencio, Rhena (13 November 2014). "BASHLITE Affects Devices Running on BusyBox". Trend Micro. Retrieved 21 October 2016.
- ^ a b "Attack of Things!". Level 3 Threat Research Labs. 25 August 2016. Archived from the original on 3 October 2016. Retrieved 6 November 2016.
- ^ "BASHLITE malware turning millions of Linux Based IoT Devices into DDoS botnet". Full Circle. 4 September 2016. Archived from the original on 22 October 2016. Retrieved 21 October 2016.
- ^ Masters, Greg (31 August 2016). "Millions of IoT devices enlisted into DDoS bots with Bashlite malware". SC Magazine. Retrieved 21 October 2016.
- ^ Spring, Tom (30 August 2016). "BASHLITE Family of Malware Infects 1 Million IoT Devices". Threatpost.com. Retrieved 21 October 2016.
- ^ Kovacs, Eduard (31 August 2016). "BASHLITE Botnets Ensnare 1 Million IoT Devices". Security Week. Retrieved 21 October 2016.