Hajime botnet: 300.000 infected devices and no one knows why

A botnet (Hajime) discovered at the end of last year has grown enormously in recent weeks, but security researchers cannot explain why, just as they cannot work out what it is doing.

The malware, dubbed Hajime, was found last October, around the same time the now infamous Mirai botnet was being used in attacks against the US internet.

The Hajime botnet has so far infected 300.000 internet-connected devices (digital video cameras, cameras and routers) and appears to carefully target specific networks, avoiding devices belonging to US government agencies. Like Mirai, the malware attacks devices that have weak or default access credentials and usernames (often “admin” or “root”).

What sets the Hajime malware apart is that it closes some ports on the firewall and opens several others to create a peer-to-peer command and control structure.

But to date, no one is sure what the botnet is or who is behind it.

"The most interesting thing about Hajime is its purpose," security researchers at Kaspersky said in a post on their blog, adding that its purpose is "unknown."

"We haven't seen it used in any kind of attack or malicious activity," the researchers said.

All signs point to a white hat who has taken it upon himself to “secure some systems,” according to a note he leaves on each system the botnet infects.

But any botnet - even those born with good intentions - can be used for malicious purposes, either by the botnet owner or by someone else who manages to gain access.

A map showing the geographical sources of the Hajime infection. (Picture: Radware)

Radware researchers said Wednesday that the “flexible and extensible” nature of the botnet could be used for malicious purposes, such as performing DDoS attacks, spreading malware, or mass monitoring of real-time streams from web cameras.

Researchers also report that a vulnerability that was recently patched in Hajime could allow a hacker to take control of the botnet.

"Such a large botnet with such flexibility will attract the attention of competing hackers, so I think they are very likely to try to take control and take over the botnet commands."

"The vulnerability has been shut down by the developer, but it proves that malware can contain vulnerabilities," the researchers said.


Written by giorgos
