
    Hajime Botnet Malware Observed Infecting 300,000 Unsecure IoT Devices

    By ROBERT LEMOS - April 28, 2017

      Over the past six months, a botnet known as Hajime has successfully infected more than 300,000 Internet-of-Things devices, in a sign that manufacturers continue to fail to secure their network-connected devices, according to an analysis published by security firm Kaspersky Lab on April 25.

      The botnet mainly uses two methods of attack, which focus on brute-force guessing of passwords or on exploiting the use of a default password, Igor Soumenkov, principal security researcher at Kaspersky Lab, told eWEEK. For example, one module focuses on the Arris cable modem and uses a password-of-the-day algorithm to log in to devices that have the capability activated. The vulnerability has been known since 2009, according to Kaspersky Lab.

      “What is surprising is that the simplest methods—such as brute forcing the password—still work and they are effective at infecting,” Soumenkov said. “A lot of devices use preset passwords that no one changes, and a lot of times the user cannot even modify the password.”

      Hajime, which means “beginning” in Japanese, is a global botnet. While the botnet has focused on finding devices with weak passwords, the programmer, or programmers, behind the malware continue to improve on its design as well. Most recently, the developers added the ability to exploit a protocol used by Internet service providers to remotely manage devices, Kaspersky Lab stated in its analysis.

      The botnet has successfully compromised devices around the globe. About half of the infected devices appear to be operating in five different countries: Iran, Brazil, Vietnam, the Russian Federation and Turkey. The lion’s share of the devices appear to be digital video recorders and Internet-connected video systems, Soumenkov said.

      “Most of these are cameras and DVRs, or video-security cameras and the servers used to help with recording to the video cameras,” he said. The makers of such systems have historically given short shrift to security, he added. “Most of these devices are produced by a limited number of vendors and they are easy to exploit.”

      All the devices targeted by the botnet run some form of Linux or embedded Linux, Soumenkov said. The malware will attempt to detect the specific type of device before trying its telnet exploit, but otherwise does not discriminate, according to Kaspersky Lab’s analysis.

      “The malware authors are mainly reliant on very low levels of security,” the researchers stated.

      The botnet is unrelated to the infamous Mirai botnet, which has been used to create denial-of-service attacks to overwhelm victims’ networks with traffic. Last September, a massive attack effectively blocked access to a popular security blogger’s site and an internet service provider.

      So far, the purpose of the botnet remains unclear, according to Kaspersky Lab. Unlike Mirai, the Hajime botnet is not known to have been used in an attack.

      “While the botnet is getting bigger and bigger, partly due to new exploitation modules, its purpose remains unknown,” the analysis stated. “We haven’t seen it being used in any type of attack or malicious activity.”

      However, the author of the malware behind the botnet has apparently left a message behind on every infected device: “Just a white hat, securing some systems. Important messages will be signed like this! Hajime Author.”

      So far, there seems to be no evidence that the person or group behind Hajime is securing the systems infected by the malware, Kaspersky said. “Whether the author’s message is true or not remains to be seen,” the analysis concluded.
