After the first two botnets, BrickerBot and Silex, were discovered, a new botnet has been found by a security researcher from Netlab. The new botnet is named HEH, and it contains malicious code that can wipe out all the data on an infected machine, including IoT devices and network devices (switches and routers).
Source: Netlab blog
Based on the flow chart produced by Netlab above, we can see that the botnet spreads via brute-force attacks against any SSH ports (ports 23 and 2323) exposed on internet-connected systems.
How does the botnet take advantage of the SSH port?
Apparently, the botnet gains access to systems whose devices use default or easy-to-guess SSH credentials. Next, the botnet automatically downloads a group of seven binaries, which leads to the HEH botnet/malware being installed on the infected system.
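The weak-credential brute force described above leaves a recognisable trace in login logs: a burst of failures from one source address followed by a successful login. The detector below is an added example (not Netlab's or the post's own code); it assumes the standard OpenSSH sshd syslog line format, and the log lines it runs on are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (OpenSSH syslog format, not real data):
# a burst of failed logins from one source IP, then a successful password
# login for root, which is the pattern a weak-credential brute force leaves.
SAMPLE_LOG = """\
Oct  6 10:00:01 gw sshd[811]: Failed password for root from 198.51.100.7 port 51234 ssh2
Oct  6 10:00:03 gw sshd[811]: Failed password for admin from 198.51.100.7 port 51236 ssh2
Oct  6 10:00:05 gw sshd[811]: Failed password for invalid user pi from 198.51.100.7 port 51240 ssh2
Oct  6 10:00:06 gw sshd[811]: Failed password for root from 198.51.100.7 port 51241 ssh2
Oct  6 10:00:08 gw sshd[811]: Failed password for root from 198.51.100.7 port 51243 ssh2
Oct  6 10:00:09 gw sshd[811]: Accepted password for root from 198.51.100.7 port 51245 ssh2
Oct  6 10:05:00 gw sshd[812]: Failed password for alice from 203.0.113.9 port 40000 ssh2
Oct  6 10:20:00 gw sshd[813]: Accepted publickey for alice from 203.0.113.9 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_line(line, year=2020):
    """Return (timestamp, result, user, ip), or None for lines we ignore.
    Syslog timestamps carry no year, so one is assumed for the sample."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Flag each source IP with >= threshold failed logins inside a sliding
    window. The alert is marked 'compromised' when that IP later logs in
    successfully, the moment a bot like HEH would start fetching binaries."""
    recent = defaultdict(deque)   # ip -> timestamps of failures in the window
    tried = defaultdict(set)      # ip -> usernames attempted
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        tried[ip].add(user)
        if result == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(ip, {"failures": 0, "compromised": False})
                alert["failures"] = max(alert["failures"], len(q))
                alert["users"] = tried[ip]
        elif ip in alerts:                 # success right after a flagged burst
            alerts[ip]["compromised"] = True
    return alerts
```

Sources that reach the threshold but never log in are still worth blocking; the "compromised" flag is the one that should trigger an incident, since a successful login from a brute-forcing address means the device's credentials were guessable.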
Despite what was said above, the most shocking news about this new botnet is that it doesn't include any offensive features such as the following:
- a DDoS launcher;
- a crypto-miner; and
- a traffic monitor for any bad actors in the network.
In their blog, Netlab analysed the botnet and found that it will try to execute the following series of shell commands in order to wipe out everything on the disk but
Netlab also said in their blog that HEH samples run on the following CPU architectures:
- MIPS (MIPS32/MIPS-III) and;