Dr.Web, a cyber security firm, has found a Windows Trojan that helps spread the infamous Mirai botnet across IoT (Internet of Things) devices. The newly found trojan targets Windows systems, and once installed, the trojan scans the network for connected IoT devices. If it finds a vulnerable device, it compromises the device and uses it in later attacks. Last year in October, Mirai brought down a huge chunk of the Internet by launching a DDoS (Distributed Denial of Service) attack on the Dyn managed DNS service.

The Windows trojan doesn’t stop at compromising the IoT devices; it continues to spread itself to other Windows devices to further find and exploit more IoT devices.

Researchers noted that the malware could also identify and compromise database services running on various ports, including MySQL and Microsoft SQL, to create a new admin phpminds with the password phpgodwith , allowing attackers to steal the database. At this time, it’s not known who created this trojan, but the attack design demonstrates that IoT devices that are not directly accessible from the Internet can also get hacked to join the Mirai botnet army.

IoT devices are already vulnerable to infection, so why are malware writers targeting Windows? Primarily because Windows still dominates the market and it gives the malware writers another platform to spread the botnet.