Researchers warn of new botnet that could take down the internet

William Gayde

Posts: 380   +5
Staff member

Security group Check Point Research claims to have discovered a rapidly growing and evolving botnet which they believe could eventually take down the internet. This botnet consists of millions of internet connected devices, better known as the Internet of Things. They have compared its strength to the now infamous Mirai botnet, but believe it will dwarf Mirai in its speed and growth.

This latest threat has been called the Reaper botnet and makes other attacks look childish. Mirai worked by infecting unsecured devices with default passwords to add them to the botnet. The Reaper works by actively hacking and infiltrating millions of devices around the globe. Wired described it as "the difference between checking for open doors and actively picking locks."

The Reaper malware contains some of the Mirai source code, but has greatly expanded its risk and potential. Rather than guessing common passwords, Reaper uses known vulnerabilities to inject its code into the victim. This allows it to grow at a much faster rate.

The malware has already been discovered on 60% of networks monitored by Checkpoint. Vulnerable hardware includes devices from GoAhead, D-Link, TP-Link, Netgear, AVTech, MikroTik, Linksys, Synology, and some portions of Linux. Many of these device manufacturers have released patches for the vulnerabilities, but most users don't apply them.

There are millions of devices already running the Lua-based software that will allow the botnet owners to load their attack modules. There have been no reported uses of the botnet, but the code shows it's in standby waiting for a signal to start the volley of DDoS attacks.

Mirai had a bandwidth exceeding 1Tbps and was able to bring down sites like GitHub, Twitter, Reddit, Netflix, and Airbnb. Reaper is far more sophisticated and has the potential to launch attacks on a scale never seen before experts warn.

Lead photo by William Bout on Unsplash

Permalink to story.

 

havok585

Posts: 262   +101
Good. Loosing the internet for a week might slap some sense into the crazies that seem to clog up every news site and forum. So many people have lost their minds in the last few years.

I wouldnt mind if this happened every 2-3 months ! It would really put some things into perspective about society without internet for a bit.
 

Uncle Al

Posts: 8,042   +6,807
When they say that most users don't use the upgrades repairs I wonder just how much effort is made to inform the end user? Over the years I have NEVER received a notice from Netgear, Linksys, or D-Link despite the fact that I went on line and registered the devices. Sounds like the manufacturers have some work to do!
 
When they say that most users don't use the upgrades repairs I wonder just how much effort is made to inform the end user? Over the years I have NEVER received a notice from Netgear, Linksys, or D-Link despite the fact that I went on line and registered the devices. Sounds like the manufacturers have some work to do!
Definitely. I'm glad those botnets started appearing, because what now happens, is that phone and IoT manufacturers instead of using a common GNU/Linux distro, are using some home made crap that is dropped after 2-3 years. Whereas if they used a distro, updates would kept appearing for many years forward.
 

wiyosaya

Posts: 6,091   +4,323
When they say that most users don't use the upgrades repairs I wonder just how much effort is made to inform the end user? Over the years I have NEVER received a notice from Netgear, Linksys, or D-Link despite the fact that I went on line and registered the devices. Sounds like the manufacturers have some work to do!
Definitely. I'm glad those botnets started appearing, because what now happens, is that phone and IoT manufacturers instead of using a common GNU/Linux distro, are using some home made crap that is dropped after 2-3 years. Whereas if they used a distro, updates would kept appearing for many years forward.
Absolutely agreed, but as Uncle Al says, the manufacturers need to notify people of updates, however, even if they do, my bet is none but the technically inclined would be knowledgeable enough to use them.

As I have said elsewhere, IoT manufacturers need to be focusing on security instead of capitalizing on the fad. Until then, they are helping to make the internet worse, and for me, IoT devices are useless.
 

holdum323

Posts: 1,721   +452
I nominate twitter first so we don't have to read Trumps tweets.
Hopefully We still have a few congressmen with some common sense like John McCain; that will bring some sense into this country that I love. USAF1958 -1962 Electrician C 130! Okinawa. 18 months. No bone spurs. I volunteered and I'm proud to have served The USA . They assassinated my Commander In Chief ' John Kennedy' . That was a sad day for me.
Go ahead and infect me. I have 7 images that I can use to get me back up and running and they have all been verified.:D
PS I don't feel at ease replying on these threads; but some times, it feels like I should.:D
 
Last edited: