New IoT Botnet Finds Open Telnet Ports and Brute-Forces Entry and Installation

Silviu STAHIE

October 08, 2020

Security researchers have found a new botnet that brute-forces its way onto devices through open Telnet ports and have named it HEH. Its makers wrote it in Go, and the malware covers a wide array of architectures, allowing it to compromise numerous IoT devices.

The number of botnets has increased in direct proportion to the explosion of the IoT market. Numerous botnets are already active, including many that use the same principles to spread and infect devices. The appearance of yet another one, written from scratch, is proof there’s still plenty of room for more malware.

A key reason why new malware keeps popping up is that security researchers often find existing botnets, revealing their modus operandi and location. When these botnets are exposed, security solutions, ISPs, and other institutions have an easier time shutting them down.

The 360Netlab researchers found that the HEH botnet supports a vast array of CPU architectures: x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III) and PPC. This means its developers made sure it can infect almost any device with the Telnet port open.

“After the Bot runs the P2P module, it will execute the brute force task against the Telnet service for the two ports 23 and 2323 in a parallel manner, and then complete its own propagation,” say the researchers.

Of course, when it does find a Telnet port, it will begin its brute-force attacks using 171 usernames and 504 passwords. While the researchers didn’t share the credentials, for security reasons, it’s easy to surmise that those credentials are a combination of default usernames and passwords and some of the most common ones that people use in their daily lives.

HEH is far from complete, which means that attackers are still fine-tuning it.

“Some important functions such as attack module have not yet been implemented. Also the P2P implementation still has flaws,” the researchers also point out.
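For defenders, the propagation behaviour described above (one source trying Telnet on both port 23 and port 2323 across many devices) shows up in connection logs. The following Python example is added here and is not code from the researchers or from HEH; the log format, the addresses, the `find_telnet_sweepers` name and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}  # the two ports named in the article
# Hypothetical firewall log format: "<ISO time> SRC=<ip> DST=<ip> DPT=<port> FLAGS=SYN"
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) FLAGS=SYN$")

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
2020-10-08T10:00:00 SRC=203.0.113.7 DST=192.0.2.10 DPT=23 FLAGS=SYN
2020-10-08T10:00:00 SRC=203.0.113.7 DST=192.0.2.10 DPT=2323 FLAGS=SYN
2020-10-08T10:00:01 SRC=203.0.113.7 DST=192.0.2.11 DPT=23 FLAGS=SYN
2020-10-08T10:00:01 SRC=203.0.113.7 DST=192.0.2.11 DPT=2323 FLAGS=SYN
2020-10-08T10:00:02 SRC=203.0.113.7 DST=192.0.2.12 DPT=23 FLAGS=SYN
2020-10-08T10:00:02 SRC=203.0.113.7 DST=192.0.2.12 DPT=2323 FLAGS=SYN
2020-10-08T10:00:05 SRC=198.51.100.4 DST=192.0.2.10 DPT=23 FLAGS=SYN
2020-10-08T10:00:09 SRC=198.51.100.9 DST=192.0.2.10 DPT=443 FLAGS=SYN
malformed line that the parser must skip
"""

def parse(log_text):
    """Yield (timestamp, src, dst, port) for well-formed lines aimed at a Telnet port."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and int(m[4]) in TELNET_PORTS:
            yield datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])

def find_telnet_sweepers(log_text, window=timedelta(seconds=60), min_hosts=3):
    """Return {src: [dst, ...]} for sources that probed BOTH Telnet ports on
    at least min_hosts distinct destinations inside one sliding time window."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        by_src[src].append((ts, dst, port))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            ports_by_dst = defaultdict(set)
            for _, dst, port in events[start:end + 1]:
                ports_by_dst[dst].add(port)
            both = sorted(d for d, p in ports_by_dst.items() if p == TELNET_PORTS)
            if len(both) >= min_hosts:
                flagged[src] = both
                break
    return flagged
```

Calling `find_telnet_sweepers(SAMPLE_LOG)` flags only the source that hit both ports on three hosts; the single Telnet connection and the port 443 connection are ignored.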
