2 min read

Reaper IoT botnet could be more devastating than Mirai


October 24, 2017

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Reaper IoT botnet could be more devastating than Mirai

Think the Mirai botnet which launched a DDoS attack that knocked major websites offline last year was bad?

It’s possible that you ain’t seen nothing yet.

Security researchers have warned that a new botnet is rapidly hijacking vulnerable IoT devices, and could dwarf Mirai in terms of its size and damaging power.

The botnet, known as Reaper or IOTroop, appears to have borrowed some of the notorious Mirai attack’s code, targeting poorly-defended IoT devices, such as wireless IP cameras and routers manufactured by the likes of Avtech, D-Link, GoAhead, Linksys, MikroTik, Synology, and TP-Link.

Some experts say that more than two million devices may have already been infected.

But whereas Mirai grew its botnet army by simply guessing the admin passwords of targeted devices, Reaper exploits known security vulnerabilities to compromise routers and security cameras, and then hunts for other devices to infect – spreading like a worm, making recruiting an IoT even easier.

The galling truth is that many of the vulnerable devices have already had patches issued by their manufacturers, but that home users are unware, or simply have not bothered to apply the updates.

If you’re in any doubt, update your device if it’s on the list of affected products, or even consider wiping the malware by pulling the plug and initiating a factory reset.

When it comes to the Reaper botnet, you need to ensure that your IoT devices are unaffected not so much because of damage that the botnet might do to you, but rather the devastating impact that millions of compromised devices could have by launching a large-scale distributed denial-of-service attack on other parts of the internet.

Reaper may not have shown any sign of launching a DDoS attack yet, but it would not be hard for its overlords to command it to download new malicious updates that could bombard a website with unwanted traffic.

With it being highly unlikely that many people will update their IP cameras and routers to protect against known vulnerabilities, the only thing that the world can do is hold its breath, hoping that the Reaper botnet will not be used in anger.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like