BF-SIRT Newsletter 2018-28

Botnet built with one exploit only

A malware author has built a huge botnet comprised of over 18,000 routers in the span of only one day.

This new botnet has been spotted this week by security researchers from NewSky Security, and their findings have been confirmed by Qihoo 360 Netlab, Rapid7, and Greynoise.

The botnet has been built by exploiting a vulnerability in Huawei HG532 routers, tracked as CVE-2017-17215.

Botnet author is a known threat actor

The botnet herder identified himself with the pseudonym “Anarchy.” Answering inquiries from both Anubhav and Bleeping Computer, Anarchy did not provide a reason why he created the botnet.

But Anubhav believes Anarchy may actually be a hacker who previously identified as Wicked, whom Anubhav interviewed on NewSky’s blog and whom Fortinet featured in a report.

But the real problem here is not a malware author doing what he does best. The problem is the relative ease with which Anarchy built a botnet of this size within a single day.

He didn’t do it with a zero-day or some vulnerability that had not been exploited before. He did so with a high-profile vulnerability that many botnets have exploited before.

Top 5 Security links

Public By Default: What Venmo (and the Whole World) Knows About You

Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs

Sextortion scam knows your password, but don’t fall for it

Director of National Intelligence warns of devastating cyber threat to US infrastructure

Google User Content CDN Used for Malware Hosting