IoT botnet infects 100,000 routers to send Hotmail …ZDNet
Posted by WorldTimeNews on 8th November 2018

A new botnet made up of roughly 100,000 home routers has silently grown over the past two months.
According to current evidence, the botnet’s operators appear to use the infected routers to connect to webmail services and are most likely sending out massive email spam campaigns.
First spotted this September by the Netlab team at Qihoo 360, the botnet has been exploiting a well-known five-year-old vulnerability to spread.
The vulnerability was discovered in 2013 by security researchers from DefenseCode and resides in the Broadcom UPnP SDK, a piece of software that was embedded in thousands of router models from multiple vendors.
Several botnets have abused this flaw in the past, but Netlab has nicknamed this latest botnet BCMUPnP_Hunter.
The name comes from the botnet’s constant scans for routers with exposed UPnP interfaces (port 5431).
Over the last two months, the Chinese researchers say they’ve seen BCMUPnP_Hunter scans originating from over 3.37 million IPs, but the number of daily active devices has usually been around 100,000.
Victims are spread out fairly evenly across the globe, but the biggest concentrations of infected routers are in India, China, and the US.
Most of today’s botnets rely on source code that has been leaked online, but in this regard, BCMUPnP_Hunter is a totally new beast.
This secondary function allows the botnet to use the infected routers as proxy nodes and relay connections from the botnet’s operators to remote IPs.
