SoylentNews is people

posted by martyb on Saturday July 21 2018, @03:28PM
from the imagine-if-he-worked-day-AND-night? dept.

Malware Author Builds 18,000-Strong Botnet in a Day

A malware author has built a huge botnet comprised of over 18,000 routers in the span of only one day.

This new botnet has been spotted yesterday by security researchers from NewSky Security, and their findings have been confirmed today by Qihoo 360 Netlab, Rapid7, and Greynoise.

[...] The botnet has been built by exploiting a vulnerability in Huawei HG532 routers, tracked as CVE-2017-17215.

Scans for this vulnerability, which can be exploited via port 37215, started yesterday morning, July 18, according to data collected by Netlab's NetScan system.

[...] Wicked/Anarchy is a well-known malware author who, in the past, has created variations of the Mirai IoT malware. These variations and their respective botnets were known as Wicked, Omni, and Owari (Sora), and had been previously used for DDoS attacks.

[...] But Anarchy is not done yet. The botnet author told Anubhav that he also plans to target CVE-2014-8361, a vulnerability in Realtek routers exploitable via port 52869.

One day in the bright future, everything connected to the internet will be magically supported forever by updates from the manufacturer. No more malware. The intarweb tubes will be one giant safe space with rainbows and unicorns for all.


  • (Score: 0) by Anonymous Coward on Saturday July 21 2018, @03:38PM

    by Anonymous Coward on Saturday July 21 2018, @03:38PM (#710452)

    > and their findings have been confirmed today

    Imagine if scientific experiments could be confirmed by independent researchers the day after publication!

  • (Score: 0) by Anonymous Coward on Saturday July 21 2018, @04:16PM (2 children)

    by Anonymous Coward on Saturday July 21 2018, @04:16PM (#710468)

    > One day in the bright future, everything connected to the internet will be magically supported forever by updates from the manufacturer. No more malware. The intarweb tubes will be one giant safe space with rainbows and unicorns for all.

    Probably when someone starts paying this guy to push the updates...

    • (Score: 2) by shipofgold on Saturday July 21 2018, @06:11PM (1 child)

      by shipofgold (4696) on Saturday July 21 2018, @06:11PM (#710517)

      Actually auto updates are a double-edged sword. I have seen updates that reduce functionality.

      If security updates were separate from functionality updates I would be all for auto installs. But most times it is all or nothing.

      Recently AT&T pushed some sort of update to their DSL router/firewall which prevents inbound connections on SSH port 22. Took me three days to figure out why I couldn't get into my Linux computer from outside my home.

      I would have been less miffed if they closed it at their end, but it was definitely an update to the firewall software on the box. Amazon also keeps updating my FireTV software as evidenced by the interface changes.

      • (Score: 2, Insightful) by Anonymous Coward on Saturday July 21 2018, @08:38PM

        by Anonymous Coward on Saturday July 21 2018, @08:38PM (#710556)

        One of the reasons I refuse to accept any CPE device from my ISP that is anything but a plain modem. No thanks, I have my own wifi AP, router/firewall and VoIP PBX. They keep trying to push that shit on me and now purportedly do not have any more plain old modems in their hardware pool. When the "legacy" cable modem installed at my place breaks, I'll have to find a replacement on eBay - because the fuckers at ISP tech support will promise to mail the correct device but ship a worse-than-cancer Chinese cheapo router/wifi/firewall combo instead. Been through that before.

        Luckily here (Germany) the regulatory body has ruled that ISPs are required to connect suitable customer-provided equipment to their network, otherwise I'd be fucked.

  • (Score: 5, Funny) by fyngyrz on Saturday July 21 2018, @04:35PM

    by fyngyrz (6567) on Saturday July 21 2018, @04:35PM (#710475) Journal

    > The intarweb tubes will be one giant safe space with rainbows and unicorns for all.

    You do know that unicorns have a vulnerability exploitable by virgins, right?

    And these people are programmers, so...

  • (Score: 2) by takyon on Saturday July 21 2018, @04:46PM (1 child)

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Saturday July 21 2018, @04:46PM (#710477) Journal

    Hasn't someone out there created a 10-million node botnet in a day by now?

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 0) by Anonymous Coward on Saturday July 21 2018, @08:35PM

      by Anonymous Coward on Saturday July 21 2018, @08:35PM (#710555)

      Challenge Accepted!!
