Could this be the world's most harmless IoT botnet?

Graham CLULEY

May 08, 2020

When researchers investigate suspected malware on an IoT device they normally expect to find a cryptominer to earn a hacker digital cash or perhaps botnet code to launch DDoS attacks against websites.

What they probably never expect is to stumble across an entire botnet secretly operating under the radar of security firms for years, with the sole purpose of downloading Japanese anime videos.

The so-called Cereals botnet, created eight years ago, exploits a security vulnerability in D-Link NAS (Network Attached Storage) and NVR (Network Video Recorder) devices to hijack them for its anime-collecting purposes.

As researchers at Forcepoint describe, at its peak in 2015 the Cereals botnet had 10,000 vulnerable devices under its control.

But unlike other botnets it does not appear that its creator was motivated by money, and no attempts were apparently made over the eight years to infect other types of device or exploit other vulnerabilities.

And despite its use of just one vulnerability to hijack D-Link NAS and NVR devices, Cereals was not unsophisticated – it patched systems in an attempt to prevent other attacks from hijacking devices it had infected, and maintained four backdoor mechanisms for accessing and controlling the botnet’s nodes: SSH, RSS, a custom CGI backdoor, and the exploited vulnerability.

All this work, just for an unknown hacker – believed to be based in Germany and using the name “Stefan” – to order his botnet to log into websites, and download Japanese anime videos.

However much you’re into anime, that’s taking your obsession quite seriously.

But Cereals’ activities were not to continue indefinitely.

It suffered a blow in late 2018 when some D-Link NAS devices were hit by the Cr1ptT0r ransomware, which didn’t just encrypt users’ data but also disrupted Cereals’ use of the same hijacked devices. The threat posed by the Cr1ptT0r ransomware was such that D-Link released firmware updates for some affected devices.

So, might this be the world’s most harmless IoT botnet?

Perhaps. It is, at the very least, refreshing to hear about a botnet that is not written with apparent malice in mind and appears to be more of a ‘hobby’ project for its creator.

But “most harmless” is not the same as completely harmless. Cereals didn’t ask for permission before installing itself onto those D-Link NAS and NVR devices, and even if used sparingly it will have gobbled up some resources both from the infected user’s IoT device and their bandwidth. And what of the websites and copyright holders who had their videos downloaded by the technologically-savvy anime fan?

Just because something can be done doesn’t mean that it should be done. The Cereals botnet may not have been created with the intention of extorting money or defrauding users, but it still isn’t something you want to have running on your devices without your knowledge and permission.
