• Malicious Worm on Linux-based IoT Devices

    #288731

    Tracking the Hide and Seek Botnet

    By MalwareTech | January 9, 2019

     
    Hide and Seek (HNS) is a malicious worm which mainly infects Linux based IoT devices and routers. The malware spreads via bruteforcing SSH/Telnet credentials, as well as some old CVEs. What makes HNS unique is there’s no command and control server; instead, it receives updates using a custom peer-to-peer network created out of infected devices.

    Botnet Connectivity
    Each HNS infected device runs a UDP server on a port which is either provided upon infection, or randomized. Newly infected devices are given a list of IP and port combinations which correspond to other HNS infected devices (known as peers). Infected devices maintain a list of other peers which has a limited size based on available RAM (usually around 512).

     
    Read the full article here
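
A defender-side sketch of how the peer-to-peer behaviour described in the excerpt (one UDP socket per device exchanging traffic with many peer IP and port combinations) could be spotted in flow logs. This is an added example, not part of the original post or the linked article; the record layout, thresholds, port allow-list and all addresses are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# Assumed allow-list of common UDP services (DNS, DHCP, NTP, SSDP, mDNS)
# that legitimately produce many flows from an IoT device.
WELL_KNOWN_UDP = {53, 67, 68, 123, 1900, 5353}


def p2p_suspects(flows, min_peers=20, min_remote_ports=10):
    """Flag local UDP sockets that talk to many distinct remote IP:port pairs.

    flows: iterable of (device_ip, local_port, remote_ip, remote_port, proto).
    Returns {(device_ip, local_port): distinct_peer_count}.
    Thresholds are assumptions; they sit well below the ~512 peer list size
    the excerpt mentions so a partially populated list is still caught.
    """
    peers = defaultdict(set)
    for dev, lport, rip, rport, proto in flows:
        if proto != "udp":
            continue
        if lport in WELL_KNOWN_UDP or rport in WELL_KNOWN_UDP:
            continue
        peers[(dev, lport)].add((rip, rport))

    suspects = {}
    for key, endpoints in peers.items():
        # Randomized peer ports mean many different remote ports, unlike a
        # client talking to one service port on many servers.
        remote_ports = {port for _, port in endpoints}
        if len(endpoints) >= min_peers and len(remote_ports) >= min_remote_ports:
            suspects[key] = len(endpoints)
    return suspects


def build_sample_flows():
    """Constructed flow records (documentation address ranges, not real traffic)."""
    flows = []
    # Camera: one local UDP port, 30 peers, each on a different remote port.
    for i in range(30):
        flows.append(("192.168.1.50", 41234, f"203.0.113.{i + 1}", 20000 + 37 * i, "udp"))
    # Thermostat: many DNS lookups to the router (allow-listed port 53).
    flows += [("192.168.1.60", 50000 + i, "192.168.1.1", 53, "udp") for i in range(40)]
    # TV: many UDP flows, but all to a single remote endpoint.
    flows += [("192.168.1.70", 51000, "198.51.100.7", 443, "udp")] * 25
    # TCP traffic is ignored by this check.
    flows.append(("192.168.1.60", 33000, "198.51.100.9", 443, "tcp"))
    return flows


if __name__ == "__main__":
    for (dev, port), count in p2p_suspects(build_sample_flows()).items():
        print(f"{dev} udp/{port}: {count} distinct peers")
```
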

    • #292449

      IoT security has never been reported to be good. You need to have some sort of firewall protection so that the traffic getting to and from the IoT device is controlled. Even with that, I’m still hesitant to use or recommend these devices.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
    • #308613

      I have some trouble coming up with a list of ways in which the IoT could make it much easier for me to do something very important and that I really need “right now”, that cannot wait until I get around to doing it the old-school way. (Devices that send an alarm over the telephone or the Internet when the user has a bad fall or a heart attack have been around for some time and probably do not count as part of the IoT.)

      After all, mine is one of the latest generations of a human lineage that goes back tens of thousands of years and hundreds of generations and, in all that time, people have been making do without the IoT out there to help. But, in spite of such lack of pricy IoT equipment, all those people have managed to keep things going (and even going very well, at times) until today, with its Silicon Valley gurus and the rest of us.

      Of course, keeping up with the neighbors and getting one over them, when possible, is an equally ancient sport.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #308618

        Reliable clean water and flush toilets are relatively new developments on your timeline as well. Not all the old ways are the good ways.

        Eventually we will get cool new gadgets that also feature security. It took a while to make steam trains safe too.

        • #309898

          … hey, then again… A badly done flush toilet can be a lot worse than a badly done outhouse, let alone a semi-decent outhouse.

          IoT, right now, is at the stage where you can’t yet expect an off-the-shelf solution to be done well enough to be better than the old way. Let’s hope the technologies mature quickly…
