UPPING THE GAME
Newly discovered botnet could be coming to a network-connected device near you.
Researchers from antivirus provider Bitdefender described the so-called dark_nexus as a “new IoT botnet packing new features and capabilities that put to shame most IoT botnets and malware that we’ve seen.” In the three months that Bitdefender has tracked it, dark_nexus has undergone version updates, as its developer has steadily added more features and capabilities.
Significantly more potent
The botnet has propagated both by guessing common administrator passwords and exploiting security vulnerabilities. Another feature that increases the number of infected devices is its ability to target systems that run on a wide range of CPUs including:
- ARM (arm, arm5, arm6 and arm7 builds; arm6 and arm7 are EABI4), LSB
- MIPS (MIPS-I): mpsl build LSB, mips build MSB
- Intel, LSB
- x86-64, LSB
- SPARC (spc build), MSB
- Motorola m68k, MSB
- PowerPC (ppc build), MSB

All of the binaries are statically linked, stripped ELF executables.
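When an unknown binary is recovered from a device, the attributes in a listing like the one above (word size, byte order, CPU family, static linkage) can be read directly from its ELF header. The Python code below is an added example, not code from Bitdefender or the original article; `describe_elf` and `make_sample` are hypothetical names, and the sample headers are constructed test data.

```python
import struct

# e_machine values from the ELF specification for the CPU families listed above
EM_NAMES = {2: "SPARC", 3: "Intel 80386", 4: "Motorola m68k", 8: "MIPS",
            20: "PowerPC", 40: "ARM", 62: "x86-64"}
PT_LOAD, PT_INTERP = 1, 3  # PT_INTERP names the dynamic loader


def describe_elf(data):
    """Return (bits, byte_order, machine, linkage) read from an ELF image."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    if is64 and len(data) < 64:
        raise ValueError("truncated ELF64 header")
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = LSB, 2 = MSB
    machine = struct.unpack_from(end + "H", data, 18)[0]
    if is64:
        phoff = struct.unpack_from(end + "Q", data, 32)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        phoff = struct.unpack_from(end + "I", data, 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    linkage = "statically linked"            # heuristic: no PT_INTERP segment
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            break                            # truncated sample: stop walking
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            linkage = "dynamically linked"
    return (64 if is64 else 32, "LSB" if end == "<" else "MSB",
            EM_NAMES.get(machine, "unknown (%d)" % machine), linkage)


def make_sample(bits, order, machine, interp=False):
    """Constructed test data: a minimal ELF header plus one program header."""
    end = "<" if order == "LSB" else ">"
    ident = b"\x7fELF" + bytes([bits // 32, 1 if order == "LSB" else 2, 1]) + bytes(9)
    ptype = struct.pack(end + "I", PT_INTERP if interp else PT_LOAD)
    if bits == 64:
        hdr = struct.pack(end + "HHIQQQIHHHHHH", 2, machine, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
        return ident + hdr + ptype + bytes(52)
    hdr = struct.pack(end + "HHIIIIIHHHHHH", 2, machine, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    return ident + hdr + ptype + bytes(28)


if __name__ == "__main__":
    for args in [(32, "LSB", 40), (32, "MSB", 8), (64, "LSB", 62)]:
        print(describe_elf(make_sample(*args)))
```

An inventory of device architectures on a network, matched against results like these, shows which hosts a given sample could actually run on.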
hosted by a user named greek helios features several videos promoting the malware and services offered.
One video, Wednesday’s report said, shows a computer desktop with a shortcut to an IP address that as early as last December showed up in Bitdefender’s honeypot logs as a dark_nexus command-and-control server. These and several other clues led the researchers to suspect this individual is behind dark_nexus.
With the ability to infect a wide range of devices and a motivated developer with an ambitious update schedule, it wouldn’t be surprising to see this botnet grow in the coming months.