Qihoo 360's Netlab security team has discovered the HEH Botnet, which hijacks Internet-connected smart devices to carry out distributed denial of service (DDoS) attacks, illicit cryptocurrency coin mining, and other nefarious tasks.
The HEH Botnet spreads through brute-force attacks on the Telnet service, and is downloaded and executed by a malicious shell script named "wpqnbw.txt."
Using the shell script, the HEH sample then downloads rogue programs for different central processing unit (CPU) architectures, and eventually terminates numerous service processes based on their port numbers.
In its second phase, the HEH sample starts an HTTP server that displays the Universal Declaration of Human Rights in eight languages, then initializes a P2P module that enables the attacker to run arbitrary shell commands, including a self-destruct command that can wipe all data from the compromised device.
From The Hacker News
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA