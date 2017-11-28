A new strain of the Mirai IoT malware has been discovered following the publication of exploit code targeting networking equipment.

According to a blog post by Chinese IT security firm Qihoo 360 Netlab, researchers noticed an increase in traffic scanning ports 2323 and 23.

“We are quite confident to tell this is a new Mirai variant,” the researchers said.

Researchers spotted two new credentials - admin/CentryL1nk and admin/QwestM0dem - being actively used. The credential admin/CentryL1nk first appeared in an exploit about ZyXEL PK5001Z modem in exploit-db less than a month ago.

They added that the misuse of these two credentials began at around 11 am on 22 November, reaching a peak, a day later. Around 100,000 IPs were recorded scanning for exploitable devices using the credentials, mostly from Argentina, as a source of 65,700.

“This leaves us wondering if it is an attack focus on several specific types of IoT device, as these devices are widely deployed in Argentina, just as happened at last year's Telekom event,” said researchers.

This article originally appeared at scmagazineuk.com