A botnet (Hajime) discovered at the end of last year has grown enormously in recent weeks, but security researchers cannot explain why, because they do not yet understand what it is doing.
The malicious software (malware), dubbed Hajime, was found last October, around the same time the now infamous Mirai botnet was being used in attacks against the US internet.
The Hajime botnet has so far infected 300,000 internet-connected devices (digital video cameras, cameras and routers) and appears to carefully target specific networks, avoiding devices belonging to US government agencies. Like Mirai, the malware attacks devices that have weak or default passwords and usernames (often “admin” or “root”).
What makes Hajime malware quite different is that it closes some ports on the firewall and opens several others to create a peer-to-peer command and control structure.
But to date, no one is sure what the botnet is or who is behind it.
"The most interesting thing about Hajime is its purpose," security researchers at Kaspersky said in a post on their blog, adding that its purpose is "unknown."
"We haven't seen it used in any kind of attack or malicious activity," the researchers said.
All the signs point to a white hat hacker who is committed to "locking some systems", according to a note he leaves on any system the botnet infects.
But any botnet - even those born with good intentions - can be used for malicious purposes, either by the botnet owner or by someone else who manages to gain access.
A map showing the geographical sources of the Hajime infection. (Picture: Radware)
Radware researchers said Wednesday that the botnet's "flexible and scalable nature" could be used for malicious purposes, such as performing DDoS attacks, spreading malicious software, or mass monitoring of real-time streams from web cameras.
Researchers also report that a vulnerability that was recently patched in Hajime could allow a hacker to take control of the botnet.
“A botnet this large with such flexibility will attract the attention of competing hackers, so I think it's very likely that they will try to take control and take over commands of the botnet.”
"The vulnerability has been shut down by the developer, but it proves that malware can contain vulnerabilities," the researchers said.