The new malware named Silexbot is a blunt tool used to destroy IoT devices.
Discovered by Larry Cashdollar, a senior security researcher at Akamai, Silexbot uses known default credentials for IoT devices to log in and kill the system.
It does this by first using a command to list all of the device’s partitions and then writing random data from /dev/random to any mounted storage it finds. Silexbot then deletes network configurations and “flushes iptables and adds an additional rule that DROPS all connections, before finally halting the device”. Finally, the device is stopped and then rebooted.
“Silexbot is targeting any Unix-like system with default login credentials. The binary captured targets ARM devices. Additional examinations reveal a Bash shell version available to download, which currently targets any architecture running a Unix-like OS.”
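The sequence described above (partition listing, overwrite from /dev/random, firewall flush, DROP rule, halt) can be matched in honeypot or device shell logs. The following Python is an added example, not code from the original article or from Akamai; the log format, the regexes and the sample sessions are constructed assumptions, not Silexbot's actual commands.

```python
import re

# Stages in the order the article gives them. The regexes are assumptions about how
# each step could appear in a shell log; they are not Silexbot's actual command lines.
STAGES = [
    ("list_partitions", re.compile(r"\b(fdisk\s+-l|cat\s+/proc/(partitions|mounts))\b")),
    ("overwrite_storage", re.compile(r"/dev/u?random\b.*(>|\bof=)\s*/dev/(?!null\b)\w+")),
    ("flush_firewall", re.compile(r"\biptables\s+(-F|--flush)\b")),
    ("drop_all", re.compile(r"\biptables\s+-[AI]\s+\w+\s+-j\s+DROP\b")),
    ("halt", re.compile(r"^\s*(halt|poweroff|reboot)\b")),
]
LINE = re.compile(r"^\S+ session=(\S+) cmd=(.*)$")  # constructed log format

def match_stages(commands):
    """Stages matched in order; a command can only match a stage after the last hit."""
    hits, nxt = [], 0
    for cmd in commands:
        for i in range(nxt, len(STAGES)):
            if STAGES[i][1].search(cmd):
                hits.append(STAGES[i][0])
                nxt = i + 1
                break
    return hits

def wiper_sessions(lines, min_stages=3):
    """Map session id -> matched stages for sessions that look like the wipe sequence."""
    sessions = {}
    for line in lines:
        m = LINE.match(line)
        if m:
            sessions.setdefault(m.group(1), []).append(m.group(2))
    flagged = {}
    for sid, cmds in sessions.items():
        stages = match_stages(cmds)
        # Require the storage overwrite itself plus enough surrounding stages.
        if "overwrite_storage" in stages and len(stages) >= min_stages:
            flagged[sid] = stages
    return flagged

# Constructed sample: session a1 follows the described sequence, b2 is routine admin.
SAMPLE_LOG = [
    "T+0001 session=a1 cmd=cat /proc/mounts",
    "T+0002 session=a1 cmd=dd if=/dev/random of=/dev/mtdblock0",
    "T+0003 session=a1 cmd=iptables -F",
    "T+0004 session=a1 cmd=iptables -A INPUT -j DROP",
    "T+0005 session=a1 cmd=halt",
    "T+0100 session=b2 cmd=head -c 16 /dev/urandom 2>/dev/null",
    "T+0101 session=b2 cmd=iptables -F",
]
```

Calling `wiper_sessions(SAMPLE_LOG)` flags only session `a1`; a lone firewall flush or a read from the random device redirected to `/dev/null` does not trip the rule.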
The message in the Silexbot code says:
“I am only here to prevent skids to flex their skidded botnet I am sorry for your device but it has to be done because all the skids claiming and thinking they are some god coder + people selling spots on botnets I am getting sick of it so yeah sorry.”
The teenaged author has claimed to be located in Europe.
Ben Seri, VP of research at Armis, stated that the method used to take down the devices was one of the most basic.
“The fact that despite this, the malware was able to brick a few thousand devices so quickly is a testament to how vulnerable IoT devices are. This experiment is a warning sign to how ransomware attacks may evolve. A ransomware that is designed to brick IoT devices unless a certain payout is given can become extremely dangerous.”
Silexbot has affected nearly 4,000 devices, and in order to recover the device, victims need to reinstall the device’s firmware.