silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,048
A new botnet has compromised hundreds of ASUS, D-Link and Dasan Zhone routers over the past three months, as well as Internet of Things (IoT) devices like video recorders and thermal cameras.
The botnet, called dark_nexus (based on a string it prints in its banner), uses processes similar to previous dangerous IoT threats like the Qbot banking malware and Mirai botnet. However, dark_nexus also comes armed with an innovative module for enabling persistence and detection evasion, which researchers say “puts other [botnets] to shame.”
“While [dark_nexus] might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust,” researchers with Bitdefender said in a Wednesday analysis. “For example, payloads are compiled for 12 different CPU architectures and dynamically delivered based on the victim’s configuration.”