Hello and welcome to the Tuesday, February 20th,

2004 edition of the Sands and its Storm Center's Stormcast. My name is Johannes Ulrich,

and today I'm recording from Jacksonville, Florida. Today we have another diary from one of

our undergraduate interns, Raphael Larius, is in our backs program. And, well, he's looking at

an old favorite, and that's the Marai Botnet. The Mariah Bartnet originally developed in 2016,

has been taken down multiple times. The original authors have been arrested and convicted,

if I remember correctly.

But truth being told, Mirai is not just one botnet. It's now a huge family of botnets

that all have their own little quirks, their own exploits. This particular one has a couple of

relatively recent exploits. This particular one has a couple of relatively recent exploits from 2023 that

Rafael spotted in the spot net. Other net, what really sort of makes Mirai, Mirai, in my opinion,

is that it has this very efficient S-Sage brute. Proofforce engine and Telnet proof force engine.

And then also that it does use this echo trick to then transfer binaries to the vulnerable system.

They're sort of, in my opinion, at least, some of the key properties that sort of identify

Mirai.

Others may have a little bit other opinions about this.

And of course, sometimes you now also see some of the members of that family being called

by their own and different names.

And last week I talked about the key trap vulnerability.

That's the key trap vulnerability.

That's the DNS sec vulnerability that allows you to shut down many popular bind and unbound resolvers.

Thanks to researchers, Tepe Fukuda, we now have a proof of concept exploit that has been made public as a series of Docker containers in GitHub. The real critical part of the exploit, if you don't want to

...