The revolutionary HNS botnet
posted date: 13/05/2018
Botnets are large networks of enslaved, remotely controlled devices that cybercriminals can use for various malicious purposes. Common use cases include spam campaigns and distributed denial-of-service (DDoS) attacks, to name a few. Over time, botnets have evolved in step with rapid technological progress. A relatively new one, referred to as HNS (Hide and Seek), appears to be one of a kind, as it boasts revolutionary communication and persistence features.
The malware underlying HNS was originally spotted on January 10, 2018. It acted in a unique way from the get-go, targeting online-accessible IoT (Internet of Things) devices rather than regular PCs. The worst part is that the strain perseveres on compromised smart gadgets even after a reset.
It used to be that resetting a hacked device, that is, cleaning its flash memory, would wipe any malware from it. With this cutting-edge infection, though, the onslaught continues regardless. This is because its payload ends up in /etc/init.d/, a directory that hosts critical operating system scripts and remains unaltered even after an IoT device has been rolled back to its factory settings.
One more trait of the Hide and Seek botnet malware is that it leverages a custom P2P protocol to communicate with the zombie systems. This characteristic, along with the use of catalogued firmware exploits, makes the culprit a highly toxic contagion. On the one hand, it can harness software vulnerabilities to infect new IoT objects. On the other, it can also instruct these devices to scan for counterparts with a vulnerable Telnet port in order to access these systems using default credentials. The latest edition of HNS supports a dozen different types of IoT devices.
Some good news, though, is that the HNS botnet is reportedly incapable of orchestrating DDoS incursions at this point. Another noteworthy fact is that the above-mentioned boot persistence feature only applies if the contamination takes place via the Telnet port. One way or another, this botnet is shaping up to be a new big player on the cybercrime landscape.
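Because the persistence described above depends on a payload written to /etc/init.d/, one defensive check is to compare that directory against a hash manifest taken from a known-good firmware image. The shell script below is an added example, not code from the original article; the manifest format (`sha256sum` output), the function names and the fixture file names are assumptions, and the fixture is constructed.

```shell
#!/bin/sh
# Added example. Manifest format (assumption): `sha256sum` output captured from
# a known-good copy of the directory, one "<hash>  <name>" line per file.

# audit_initd DIR MANIFEST
# Prints "NEW <name>", "MODIFIED <name>" or "MISSING <name>" per finding.
# Returns 0 if DIR matches MANIFEST, 1 otherwise.
audit_initd() {
    dir=$1; manifest=$2; status=0
    # Pass 1: every regular file on disk, hidden ones included.
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        expected=$(awk -v n="$name" \
            '$2 == n || $2 == ("*" n) { print $1; exit }' "$manifest")
        if [ -z "$expected" ]; then
            echo "NEW $name"; status=1; continue
        fi
        actual=$(sha256sum "$path" | awk '{ print $1 }')
        if [ "$actual" != "$expected" ]; then
            echo "MODIFIED $name"; status=1
        fi
    done
    # Pass 2: baseline entries that are no longer present.
    while read -r _hash name; do
        name=${name#\*}
        [ -f "$dir/$name" ] || { echo "MISSING $name"; status=1; }
    done < "$manifest"
    return "$status"
}

# Constructed fixture: a two-script baseline, then one tampered and one added file.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/init.d"
    printf '#!/bin/sh\necho network\n' > "$tmp/init.d/S40network"
    printf '#!/bin/sh\necho telnetd\n' > "$tmp/init.d/S50telnet"
    (cd "$tmp/init.d" && sha256sum S40network S50telnet) > "$tmp/baseline.sha256"
    printf '/tmp/payload &\n' >> "$tmp/init.d/S50telnet"        # modified script
    printf '#!/bin/sh\n/tmp/payload &\n' > "$tmp/init.d/S99zz"   # not in baseline
    rc=0
    audit_initd "$tmp/init.d" "$tmp/baseline.sha256" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run with the `demo` argument to see the findings for the constructed fixture; on a real device the manifest should come from the vendor image rather than from the running system.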