Hajime botnet: 300.000 infected devices and no one knows why

A (Hajime) that was discovered late last year has grown in size in recent weeks, but security researchers can't figure out why because they can't figure out what it's doing.

The (malware), dubbed Hajime, was found last October around the same time the infamous and now infamous Mirai botnet was being used in attacks against the US internet.

The Hajime botnet has so far infected 300.000 devices connected to the (digital video cameras, cameras and routers) and appears to be carefully targeted specifically , avoiding devices owned by US government agencies. Like Mirai, the malware attacks devices that have weak or default passwords and usernames (often “admin” or “root”).

What makes Hajime malware quite different is that it closes some ports on the firewall and opens several others to create a peer-to-peer command and control structure.

But to date, no one is sure what the botnet is or who is behind it.

"The most interesting thing about Hajime is its purpose," its security investigators said Kaspersky in a post on their blog, adding that its purpose is "unknown."

"We haven't seen it used in any kind of attack or malicious activity," the researchers said.

All the signs point to a white hat hacker, who is committed to "locking some systems", according to a note he leaves on any system that infects the botnet.

But any botnet - even those born with good intentions - can be used for malicious purposes, either by the botnet owner or by someone else who manages to gain access.Hajime botnet

A map showing the geographical sources of the Hajime infection. (Picture: Radware)

Radware researchers said Wednesday that the botnet's "flexible and scalable nature" could be used for malicious reasons, such as DDoS attacks, malware dissemination or real-time streaming streaming from webcams.

The researchers also report that a vulnerability that was patched in Hajime could allow a hacker to take control of the botnet.

"Such a large botnet with such flexibility will attract the attention of competing hackers, so I think they are very likely to try to take control and take over the botnet commands."

"The vulnerability has been shut down by the developer, but it proves that malware can contain vulnerabilities," the researchers said.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















giorgos

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).