SoylentNews

upstart writes in with an IRC submission for SoyCow8192:

Meet dark_nexus, quite possibly the most potent IoT botnet ever:

A newly discovered botnet that preys on home routers, video recorders, and other network-connected devices is one of the most advanced Internet-of-things platforms ever seen, researchers said on Wednesday. Its list of advanced features includes the ability to disguise malicious traffic as benign, maintain persistence, and infect devices that run on at least 12 different CPUs[*].

Researchers from antivirus provider Bitdefender described the so-called dark_nexus as a "new IoT botnet packing new features and capabilities that put to shame most IoT botnets and malware that we've seen." In the three months that Bitdefender has tracked it, dark_nexus has undergone 30 version updates, as its developer has steadily added more features and capabilities.

The malware has infected at least 1,372 devices, which include video recorders, thermal cameras, and home and small office routers made by Dasan, Zhone, Dlink, and ASUS. Researchers expect more device models to be affected as dark_nexus development continues.

[...] The botnet has propagated both by guessing common administrator passwords and exploiting security vulnerabilities. Another feature that increases the number of infected devices is its ability to target systems that run on a wide range of CPUs[*]

[...] Bitdefender's report said that while the dark_nexus propagation modules contain code targeting ARC and Motorola RCE architectures, researchers have so far been unable to find malware samples compiled for these architectures.

[*] The executables are all statically linked and stripped. Except for x86 which has a 64-bit executable, all others are 32-bit. The targeted architectures are: arm5, arm6, arm7, mpsl, mips, i586, x86, spc, m68k, ppc, arc, sh4, rce. The researchers have examined samples of all of these except for arc and rce.

Original Submission