New HNS IoT Botnet Has Already Amassed 14K Bots

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
A new botnet is growing around the world, feeding off unsecured IoT devices, mainly IP cameras, and getting ready to do some harm.

Discovered by security researchers from Bitdefender, the new botnet is called Hide 'N Seek (HNS), and according to experts, the botnet first appeared on January 10, died off for a few days, and came back strong over the weekend, on January 20.

In all this time, the botnet grew from an initial list of 12 compromised devices to over 14,000 bots, as of writing.

Not Mirai related
Unlike all the Internet of Things (IoT) botnets that have appeared in recent weeks, HNS is not another modification of the Mirai IoT malware source code that was leaked online last year.

In fact, according to Bogdan Botezatu, Bitdefender senior e-threat analyst, the HNS botnet is more similar to Hajime rather than Mirai.

"It is the second known IoT botnet to date, after the notorious Hajime botnet, that has a decentralized, peer-to-peer architecture," Botezatu says. "However, if in the case of Hajime, the P2P functionality was based on the BitTorrent protocol, here we have a custom-built P2P communication mechanism."

According to an analysis Botezatu authored today, each bot contains a list of IPs of other infected bots, a list that can be updated in real-time, as the botnet grows and bots are lost or gained.

HNS bots relay instructions and commands from one another, similar to the basics of the P2P protocol. Botezatu says an HNS bot can receive and execute several types of commands, such as "data exfiltration, code execution and interference with a device’s operation."

No DDoS function (yet)
...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top