A new botnet has been discovered

After the first two botnets, BrickerBot and Silex, a new botnet has been found by security researchers from Netlab. The new botnet is named HEH, and it contains malicious code that can wipe all the data on the infected machine, including IoT devices and network devices (switches and routers).

Source: Netlab blog

Based on the flow chart produced by Netlab (shown above), we can see that the botnet spreads through brute-force attacks against any SSH ports (ports 23 and 2323) that are exposed on internet-connected systems.

How does the botnet take advantage of the SSH port?

Apparently, the botnet gains access to a system whose devices use default or easy-to-guess SSH credentials. Next, the botnet automatically downloads a group of seven binaries, which leads to the HEH botnet/malware being installed on the infected system.
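As an added example (not code from this post or from Netlab's analysis), the following Python script scans constructed connection-log lines for the behaviour described above: a burst of failed logins to ports 23 and 2323 from one source, and whether a successful login from that same source followed. The log format, the thresholds and the sample addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): timestamp, source IP,
# destination port and the outcome of each login attempt.
SAMPLE_LOG = """\
2020-10-06T01:00:01 src=203.0.113.7 dport=23 result=fail
2020-10-06T01:00:03 src=203.0.113.7 dport=23 result=fail
2020-10-06T01:00:05 src=203.0.113.7 dport=2323 result=fail
2020-10-06T01:00:06 src=203.0.113.7 dport=23 result=fail
2020-10-06T01:00:09 src=203.0.113.7 dport=23 result=success
2020-10-06T01:10:00 src=198.51.100.4 dport=22 result=fail
2020-10-06T02:00:00 src=198.51.100.4 dport=22 result=success
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dport=(\d+) result=(\w+)$")
WATCHED_PORTS = {23, 2323}  # the ports the post says HEH brute-forces


def parse(log_text):
    """Turn log lines into (timestamp, src, port, result) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts = datetime.fromisoformat(m.group(1))
        events.append((ts, m.group(2), int(m.group(3)), m.group(4)))
    return events


def find_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed logins to a watched port
    inside one time window, and note whether a success followed."""
    by_src = defaultdict(list)
    for ts, src, port, result in sorted(events):
        if port in WATCHED_PORTS:
            by_src[src].append((ts, result))
    alerts = {}
    for src, attempts in by_src.items():
        fails = [ts for ts, r in attempts if r == "fail"]
        # sliding window: count failures in [start, start + window]
        burst = any(sum(1 for ts in fails[i:] if ts - start <= window) >= threshold
                    for i, start in enumerate(fails))
        if burst:
            followed = any(r == "success" and ts > fails[0] for ts, r in attempts)
            alerts[src] = {"failed_attempts": len(fails), "followed_by_success": followed}
    return alerts
```

A source flagged with `followed_by_success` set is the case worth treating as a probable compromise rather than mere scanning noise.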

Despite what was said above, the most surprising thing about this new botnet is that it does not include any of the usual offensive features, such as:

  • a DDoS launcher;
  • a crypto-miner; and
  • a traffic monitor that watches for other bad actors in the network.

In their blog post, Netlab analysed the samples and found that the botnet tries to execute the following series of shell commands in order to wipe everything on the disk, but

Source: Netlab blog

Netlab also said in their blog that HEH samples run on the following CPU architectures:

  • x86 (32/64);
  • ARM (32/64);
  • MIPS (MIPS32/MIPS-III); and
  • PPC.

References: "New HEH botnet can wipe routers and IoT devices"; "HEH, a new IoT P2P Botnet going after weak telnet services" (Netlab blog)

Author: Wan Ariff

He brings with him working experience in the information security field, specializing in penetration testing and digital forensics. His passion lies in IT security.

