The Amnesia Botnet malware is classified as an advanced threat to IoT networks. The Amnesia Botnet was discovered in March 2016 and proved to be a modified variant of the Tsunami Botnet Trojan. The Amnesia Botnet attracted a lot of attention due to its ability to check if the Linux environment it inhabits is a virtual machine powered by software like VirtualBox, VMware and QEMU. VM detection is not a novelty in malware designed to run on Windows, but the Amnesia Botnet is the first to do it on Linux. Interestingly, the malware deletes all data on the compromised device if it detects debugging tools and markers of a running VM.
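The VM and debugger checks described above, as an added example that is not part of this write-up or of the malware: a small Python audit an analyst can run inside a sandbox before detonating a sample, to see which of the markers the host exposes (VirtualBox, VMware and QEMU DMI vendor strings, the CPUID hypervisor flag, an attached tracer). The marker strings and file paths are assumptions, not taken from the Amnesia sample.

```python
"""Audit a Linux analysis host for hypervisor and debugger markers before detonation."""
import re
from pathlib import Path

# Vendor strings for the three hypervisors named on the page (string lists
# are assumptions; "innotek" is the historical VirtualBox DMI vendor).
VM_MARKERS = {
    "VirtualBox": ["virtualbox", "innotek"],
    "VMware": ["vmware"],
    "QEMU": ["qemu", "bochs"],
}
# DMI files that usually expose the platform vendor (assumed locations).
DMI_PATHS = ["/sys/class/dmi/id/sys_vendor", "/sys/class/dmi/id/product_name",
             "/sys/class/dmi/id/bios_vendor"]

def find_vm_markers(dmi_values, cpuinfo_text):
    """Return a sorted list of hypervisor names whose markers appear in the
    given DMI strings, plus 'hypervisor-flag' if /proc/cpuinfo reports the
    CPUID hypervisor bit that the kernel sets for guests."""
    found = set()
    haystack = " ".join(dmi_values).lower()
    for hypervisor, needles in VM_MARKERS.items():
        if any(n in haystack for n in needles):
            found.add(hypervisor)
    if re.search(r"^flags\s*:.*\bhypervisor\b", cpuinfo_text, re.MULTILINE):
        found.add("hypervisor-flag")
    return sorted(found)

def is_traced(proc_status_text):
    """True if /proc/self/status shows a non-zero TracerPid (a debugger or
    ptrace-based tool is attached to this process)."""
    m = re.search(r"^TracerPid:\s*(\d+)", proc_status_text, re.MULTILINE)
    return bool(m) and int(m.group(1)) != 0

def _read(path):
    try:
        return Path(path).read_text(errors="replace").strip()
    except OSError:
        return ""

def audit_host():
    """Run both checks against the live host and return (vm_markers, traced)."""
    dmi = [v for v in (_read(p) for p in DMI_PATHS) if v]
    return find_vm_markers(dmi, _read("/proc/cpuinfo")), is_traced(_read("/proc/self/status"))

if __name__ == "__main__":
    markers, traced = audit_host()
    print("hypervisor markers:", ", ".join(markers) or "none")
    print("debugger attached:", traced)
```

Any marker the audit reports is one a sample with this behaviour could key on, so it is the list of things to hide or patch in the sandbox image before running it.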
The Amnesia Botnet is designed to infect DVR (Digital Video Recorder) setups primarily. The Amnesia Botnet appears to be aimed at a particular DVR manufacturer called ‘TVT Digital’ that supplies hardware to more than seventy vendors worldwide. The Amnesia Botnet exploits a known vulnerability in the firmware of devices made by ‘TVT Digital’ to install itself and empower third parties to launch DDoS attacks. The threat is believed to be developed by a small team that uses already compromised machines to scan larger and larger parts of the Internet. That way the Amnesia Botnet can expand perpetually as long as there are poorly protected IoT devices and users who forgot to install the latest firmware update.
The network bandwidth of infected devices is exploited by the Amnesia Botnet actors to run DDoS (Distributed Denial of Service) attacks on various targets ranging from small companies to media platforms like Netflix and YouTube. The Amnesia Botnet is programmed to save and run a shell script on the infected host and allow unauthorized access. The IoT devices in the Amnesia Botnet are repurposed to listen to instructions from the ‘Command and Control’ servers operated by the same people behind the Amnesia Botnet. Threat actors looking to buy DDoS power and hide their Web traffic from computer security vendors can contact the Amnesia Botnet team and pay to have access to their devices. The Amnesia Botnet is best known for sending torrents of data requests via HTTP flooding and UDP flooding. Server administrators are advised to employ reliable DDoS mitigation techniques. IoT users are encouraged to perform regular updates and security scans to limit the spread of the Amnesia Botnet.