Torii Botnet

By GoldSparrow in Malware

The Torii Botnet is a group of infected computers that are compromised using the Torii Botnet Trojan to carry out coordinated attacks. The Torii Botnet attacks seem to target Internet-connected devices beyond conventional computers. Some of the devices that may become part of the Torii Botnet include refrigerators, garage doors, smart locks, and other appliances and devices that have Web connectivity. Criminals take advantage of weak passwords and outdated firmware to take over vulnerable devices and integrate them into the Torii Botnet. In most of the Torii Botnet attacks, the affected devices were compromised through a brute-force attack that took advantage of poor password protection, such as easy-to-guess passwords or a manufacturer default password that was never changed.

The Torii Botnet Trojan and Associated Attacks

The attacks involving the Torii Botnet have been active since at least December of 2017. The Torii Botnet attacks use the TOR network to hide the origin of the attacks. The Torii Botnet uses digital certificates and free DLLs to prevent anti-virus programs from detecting the presence of malware associated with the Torii Botnet. The Torii Botnet is also capable of preventing the monitoring and interception of the data it exchanges with its Command and Control servers by using XOR encryption and other obfuscation techniques. Affected computer users often may not realize that the Torii Botnet has compromised their devices because there may be no changes in behavior. Essentially, these devices will continue to operate as normal, but while they are not being used, the criminals will use their processors to carry out a variety of attacks.

How the Criminals can Use the Devices Compromised by the Torii Botnet

Once the Torii Botnet compromises a device and makes it part of the botnet, the criminals can issue a variety of commands to be executed on the infected device. There are many possibilities, but most devices compromised by the Torii Botnet are used in the same way as devices in most botnets of this type. The most common uses for these botnets include executing DDoS attacks and sending spam email campaigns from the affected devices. The infected devices can also be used as proxies to hide the criminals' other activities. You should remember that for a device to become part of the Torii Botnet, the criminals will need to have access to it, which may allow them to use the infected device to target its owner directly in some way.

What is the Objective of DDoS Attacks Such as those Associated with the Torii Botnet?

DDoS attacks are among the most common ways in which criminals can leverage botnets such as the Torii Botnet. These attacks are designed to cause a Web server, website, or device to crash by overloading it with countless requests at the same time. Websites and online services are capable of handling traffic that is paced naturally, but when thousands of devices start sending requests at the same time, these can overload a server and cause it to shut down, interrupting the service on the targeted website or online service. Sending the high volume of requests involved in a DDoS attack requires vast numbers of devices that can be coordinated, such as those involved in the Torii Botnet. The large numbers of computers and devices that are part of the Torii Botnet can also be coordinated to send massive amounts of emails or carry out other coordinated attacks.

Protecting Your Devices from the Torii Botnet

Since the Torii Botnet can compromise the majority of devices as a result of poor passwords and security, the best protection against malware associated with the Torii Botnet is to ensure that all of your Web-connected devices are protected with strong passwords and that their software is always up to date.
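
Strong passwords can be backed by monitoring for the brute-force login attempts described above. The following is an added example, not code from this article or from any vendor: it flags sources that exceed a failed-login threshold within a time window and reports any successful login that follows from such a source. The log format, sample lines, threshold, and window are constructed assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a made-up format (not from any real device):
# timestamp, service, result, user, source address (documentation IP ranges).
SAMPLE_LOG = """\
2018-09-20T03:14:01 telnetd FAIL user=admin src=203.0.113.7
2018-09-20T03:14:03 telnetd FAIL user=root src=203.0.113.7
2018-09-20T03:14:05 telnetd FAIL user=admin src=203.0.113.7
2018-09-20T03:14:08 telnetd FAIL user=support src=203.0.113.7
2018-09-20T03:14:10 telnetd FAIL user=root src=203.0.113.7
2018-09-20T03:14:12 telnetd OK user=admin src=203.0.113.7
2018-09-20T08:30:00 sshd FAIL user=alice src=198.51.100.20
2018-09-20T08:30:20 sshd OK user=alice src=198.51.100.20
"""

def parse(line):
    """Split one log line into (timestamp, service, result, user, source)."""
    ts, service, result, user, src = line.split()
    return (datetime.fromisoformat(ts), service, result,
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (brute_force_sources, logins_to_investigate)."""
    recent = defaultdict(deque)      # source -> timestamps of recent failures
    brute, compromised = set(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, service, result, user, src = parse(line)
        fails = recent[src]
        while fails and ts - fails[0] > window:   # expire old failures
            fails.popleft()
        if result == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold:
                brute.add(src)
        elif result == "OK" and src in brute:
            # A success from a source already flagged for guessing:
            # treat the account and device as possibly taken over.
            compromised.append((src, user, service, ts.isoformat()))
    return brute, compromised

if __name__ == "__main__":
    sources, logins = detect(SAMPLE_LOG)
    print("Brute-force sources:", sorted(sources))
    for src, user, service, when in logins:
        print(f"Investigate: {user} via {service} from {src} at {when}")
```

A login flagged this way points to a device whose password should be changed and whose firmware should be checked for updates.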

