New IoT botnet 'puts others to shame'

April 13, 2020 //By Rich Pell
Researchers at antivirus software provider Bitdefender say they have found a new IoT botnet with features and capabilities that put other IoT botnets and malware "to shame."

The IoT botnet, named "dark_nexus" based on a string it prints in its banner, has the ability to launch a range of DDoS attacks, disguise malicious web browser traffic as benign, maintain persistence, and infect devices that run on at least 12 different CPUs. The botnet, say the researchers, has already infected over 1,300 devices - including video recorders, thermal cameras, and various home and small office routers - by guessing common administrator passwords and exploiting security vulnerabilities.

"While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust," says Liviu Arsene, a senior cybersecurity analyst for Bitdefender. "For example, payloads are compiled for 12 different CPU architectures and dynamically delivered based on the victim's configuration."

The botnet features a technique meant to ensure "supremacy" on the compromised device. Uniquely, say the researchers, dark_nexus uses a scoring system based on weights and thresholds to assess which processes might pose a risk: it maintains a list of whitelisted processes and their PIDs, and kills every other process that crosses a threshold of suspicion.

