SoylentNews is people

posted by janrinok on Sunday April 12 2020, @04:17PM
from the tricky dept.

Meet dark_nexus, quite possibly the most potent IoT botnet ever:

A newly discovered botnet that preys on home routers, video recorders, and other network-connected devices is one of the most advanced Internet-of-things platforms ever seen, researchers said on Wednesday. Its list of advanced features includes the ability to disguise malicious traffic as benign, maintain persistence, and infect devices that run on at least 12 different CPUs[*].

Researchers from antivirus provider Bitdefender described the so-called dark_nexus as a "new IoT botnet packing new features and capabilities that put to shame most IoT botnets and malware that we've seen." In the three months that Bitdefender has tracked it, dark_nexus has undergone 30 version updates, as its developer has steadily added more features and capabilities.

The malware has infected at least 1,372 devices, which include video recorders, thermal cameras, and home and small office routers made by Dasan, Zhone, Dlink, and ASUS. Researchers expect more device models to be affected as dark_nexus development continues.

[...] The botnet has propagated both by guessing common administrator passwords and exploiting security vulnerabilities. Another feature that increases the number of infected devices is its ability to target systems that run on a wide range of CPUs[*]

[...] Bitdefender's report said that while the dark_nexus propagation modules contain code targeting ARC and Motorola RCE architectures, researchers have so far been unable to find malware samples compiled for these architectures.

[*] The executables are all statically linked and stripped. Except for x86 which has a 64-bit executable, all others are 32-bit. The targeted architectures are: arm5, arm6, arm7, mpsl, mips, i586, x86, spc, m68k, ppc, arc, sh4, rce. The researchers have examined samples of all of these except for arc and rce.
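
The properties listed in the note above (target architecture, 32-bit or 64-bit, statically linked, stripped) can all be read from a file's ELF headers during triage. The following is an added example, not code from the article or from Bitdefender's report; the function names, the constructed sample, and the pairing of the page's short architecture names with ELF `e_machine` constants are assumptions of this example.

```python
import struct

# e_machine constants are from the ELF specification; pairing them with the
# short names used on this page is an assumption of this example.
EM = {2: "spc", 3: "i586", 4: "m68k", 8: "mips", 20: "ppc", 39: "rce",
      40: "arm", 42: "sh4", 45: "arc", 62: "x86"}
PT_LOAD, PT_DYNAMIC, PT_INTERP, SHT_SYMTAB = 1, 2, 3, 2

def triage(data):
    """Report architecture, word size, static linking and stripping of an ELF."""
    if data[:4] != b"\x7fELF" or len(data) < 52:
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    if is64 and len(data) < 64:
        raise ValueError("truncated ELF64 header")
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    machine = struct.unpack_from(end + "H", data, 18)[0]
    # e_phoff and e_shoff, then e_phentsize, e_phnum, e_shentsize, e_shnum
    phoff, shoff = struct.unpack_from(end + ("QQ" if is64 else "II"), data,
                                      32 if is64 else 28)
    phsz, phnum, shsz, shnum = struct.unpack_from(end + "4H", data,
                                                  54 if is64 else 42)

    def types(off, size, count, field):
        # p_type is at offset 0 of a program header and sh_type at offset 4 of
        # a section header in ELF32 and ELF64; truncated entries are skipped.
        return {struct.unpack_from(end + "I", data, off + i * size + field)[0]
                for i in range(count) if off + i * size + field + 4 <= len(data)}

    ptypes, stypes = types(phoff, phsz, phnum, 0), types(shoff, shsz, shnum, 4)
    name = EM.get(machine, "unknown(%d)" % machine)
    if machine == 8 and end == "<":
        name = "mpsl"                      # assumed: little-endian MIPS build
    return {"arch": name, "bits": 64 if is64 else 32,
            # no interpreter and no dynamic segment: statically linked
            "static": not ({PT_DYNAMIC, PT_INTERP} & ptypes),
            # no .symtab section (or no section table at all): stripped
            "stripped": SHT_SYMTAB not in stypes}

def constructed_sample(machine=40, dynamic=False, end="<"):
    """Constructed 32-bit ELF (not a real sample): header plus one program header."""
    ident = b"\x7fELF" + bytes([1, 1 if end == "<" else 2, 1]) + bytes(9)
    ehdr = ident + struct.pack(end + "HHIIIIIHHHHHH", 2, machine, 1, 0x8000,
                               52, 0, 0, 52, 32, 1, 40, 0, 0)
    ptype = PT_INTERP if dynamic else PT_LOAD
    return ehdr + struct.pack(end + "8I", ptype, 0, 0x8000, 0x8000, 84, 84, 5, 0x1000)

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

A statically linked, stripped binary for an embedded architecture found on a router or recorder is not malicious by itself, so this output is a sorting aid for collected files rather than a verdict.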

