Reports are now advising of new botnets, with CheckPoint Security publishing their research yesterday:
https://research.checkpoint.com/new-iot-botnet-storm-coming/
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
New Botnets "quickly amassing"
- This topic has 5 replies, 1 voice, and was last updated 7 years, 7 months ago.
AuthorViewing 4 reply threadsAuthor-
A Gigantic IoT Botnet Has Grown in the Shadows in the Past Month
By Catalin Cimpanu | October 20, 2017
Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper (Reaper for this article), researchers estimate its current size at nearly two million infected devices.According to researchers, the botnet is mainly made up of IP-based security cameras, network video recorders (NVRs), and digital video recorders (DVRs).
…
The biggest difference between Reaper and Mirai is its propagation method. Mirai scanned for open Telnet ports and attempted to log in using a preset list of default or weak credentials.Reaper does not rely on a Telnet scanner, but primarily uses exploits to forcibly take over unpatched devices and add them to its command and control (C&C) infrastructure.
Netlab says that Reaper, at the time of writing, primarily uses a package for nine vulnerabilities: D-Link 1, D-Link 2, Netgear 1, Netgear 2, Linksys, GoAhead, JAWS, Vacron, and AVTECH. Check Point also spotted the botnet attacking MicroTik adn TP-Link routers, Synology NAS devices, and Linux servers.
Netlab experts say the botnet it’s in incipient stages of development, with its operator busy adding as many devices to the fold as possible.Exploits are added on a regular basis, while the C&C infrastructure expands to accommodate new bots.
Netlab says that it observed over two million infected devices sitting in the botnet’s C&C servers’ queue, waiting to be processed. Just yesterday, only one of the C&C servers was controlling over 10,000 bots.
Read the full article here1 user thanked author for this post.
-
‘IOTroop’ Botnet Could Dwarf Mirai in Size and Devastation, Says Researcher
by Tom Spring | October 20, 2017
A botnet, which is adding new bots every day, has already infected one million businesses during the past month and could easily eclipse the size and devastation caused by Mirai.The malware and botnet, dubbed IOTroop, was spotted in September by researchers at Check Point who warn that 60 percent of corporate networks have at least one vulnerable device.
“So far we estimate over a million organizations have already been affected worldwide, including the U.S., Australia and everywhere in between, and the number is only increasing,” according to Check Point’s preliminary research published Thursday.
…
Researchers believe that the botnet is quickly amassing and may be on the cusp of a massive DDoS attack. “Our research suggests we are now experiencing the calm before an even more powerful storm,” wrote researchers.Still unknown is who are the threat actors behind the malware/botnet, any targets hackers might have and what the timeline of any attack might be.
“It is too early to assess the intentions of the threat actors behind it, but it is vital to have the proper preparations and defense mechanisms in place before an attack strikes,” said researchers.
Read the full article here -
For information about Botnets, see AKB3000005
-
And from theregister.co.uk:
Do fear the Reaper: Huge army of webcams, routers raised from ‘one million’ hacked orgs
Check your cameras, broadband gateways, NAS boxes for latest botnet malwareRight now, check to make sure you’re not exposing a vulnerable device to the internet, apply any patches if you can, look out for suspicious behavior on your network, and take a gadget offline if it’s infected.
-
From wired.com:
The Reaper IoT Botnet Has Already Infected a Million NetworksOn Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed the new IoT botnet, which builds on portions of Mirai’s code, but with a key difference: Instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.
“The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”
Viewing 4 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Firefox 139
by 2 hours, 55 minutes ago
-
Who knows what?
by 49 minutes ago
-
My top ten underappreciated features in Office
by 1 hour, 36 minutes ago
-
WAU Manager — It’s your computer, you are in charge!
by 9 hours, 51 minutes ago
-
Misbehaving devices
by 2 hours, 36 minutes ago
-
.NET 8.0 Desktop Runtime (v8.0.16) – Windows x86 Installer
by 1 day, 3 hours ago
-
Neowin poll : What do you plan to do on Windows 10 EOS
by 47 minutes ago
-
May 31, 2025—KB5062170 (OS Builds 22621.5415 and 22631.5415 Out-of-band
by 1 day, 2 hours ago
-
Discover the Best AI Tools for Everything
by 1 hour, 17 minutes ago
-
Edge Seems To Be Gaining Weight
by 16 hours, 22 minutes ago
-
Rufus is available from the MSFT Store
by 1 day ago
-
Microsoft : Ending USB-C® Port Confusion
by 2 days, 3 hours ago
-
KB5061768 update for Intel vPro processor
by 3 hours, 4 minutes ago
-
Outlook 365 classic has exhausted all shared resources
by 1 hour, 47 minutes ago
-
My Simple Word 2010 Macro Is Not Working
by 1 day, 23 hours ago
-
Office gets current release
by 2 days, 1 hour ago
-
FBI: Still Using One of These Old Routers? It’s Vulnerable to Hackers
by 3 days, 15 hours ago
-
Windows AI Local Only no NPU required!
by 3 days ago
-
Stop the OneDrive defaults
by 3 days, 16 hours ago
-
Windows 11 Insider Preview build 27868 released to Canary
by 4 days, 2 hours ago
-
X Suspends Encrypted DMs
by 4 days, 4 hours ago
-
WSJ : My Robot and Me AI generated movie
by 4 days, 4 hours ago
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
by 4 days, 5 hours ago
-
OpenAI model sabotages shutdown code
by 4 days, 6 hours ago
-
Backup and access old e-mails after company e-mail address is terminated
by 3 days, 18 hours ago
-
Enabling Secureboot
by 4 days, 1 hour ago
-
Windows hosting exposes additional bugs
by 4 days, 14 hours ago
-
No more rounded corners??
by 4 days, 9 hours ago
-
Android 15 and IPV6
by 3 days, 23 hours ago
-
KB5058405 might fail to install with recovery error 0xc0000098 in ACPI.sys
by 5 days, 2 hours ago
Remembering Woody
