Intrusion PreventionMirai.Botnet
Description
This indicates that a system might be infected by Mirai Botnet.
Mirai is a Linux malware that primarily targets IoT devices such as IP cameras and routers. Mirai often uses default credentials or command injection exploits to infect IoT devices. The malware can mine cryptocurrencies, perform DDoS, execute arbitrary commands, and scan the internet for other vulnerable devices to infect.
Please note: this signature often gets triggered by scanning traffics from devices infected by Mirai. Please check the source IP to verify if the infection is on the local network.
Affected Products
Any unprotected internet device is vulnerable to the attack.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
If required, the signature's action can be set to "Block".
Please use Anti-Virus software to scan and clean the infected devices.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-11-14 | 29.904 | Sig Added |
| 2024-10-29 | 28.892 | Sig Added |
| 2024-06-20 | 28.812 | Sig Added |
| 2024-06-18 | 28.810 | Sig Added |
| 2024-05-22 | 27.791 | Sig Added |
| 2023-12-14 | 26.696 | Sig Added |
| 2023-10-26 | 25.666 | Sig Added |
| 2023-08-14 | 25.620 | Sig Added |
| 2022-10-17 | 22.414 | Sig Added |
| 2022-06-14 | 21.338 | Sig Added |
| ID | 43191 |
| Created | Oct 10, 2016 |
| Updated | Nov 14, 2024 |
| Risk |
|
| Default Action | pass |
| Active | |
| Affected OS | Linux |
| Affected App | Other |