Thousands of infected IoT devices used in for-profit anonymity service

by Dan Goodin, from Ars Technica

Some 9,000 devices, mostly running Android but also the Linux and Darwin operating systems, have been corralled into the Interplanetary Storm, the name given to a botnet whose chief purpose is creating a for-profit proxy service, likely for anonymous Internet use.

The finding is based on several pieces of evidence collected by researchers from security provider Bitdefender. The core piece of evidence is a series of six specialized nodes that are part of the management infrastructure. They include a:

  • proxy backend that pings other nodes to prove its availability
  • proxy checker that connects to a bot proxy
  • manager that issues scanning and brute-forcing commands
  • backend interface responsible for hosting a Web API
  • node that uses cryptography keys to authenticate other devices and sign authorized messages
  • development node used for development purposes

Keeping it on the down-low

"Together, these nodes are responsible for checking for node availability, connecting to proxy nodes, hosting the web API service, signing authorized messages, and even testing the malware in its development phase," Bitdefender researchers wrote in a report published on Thursday. "Along with other development choices, this leads us to believe that the botnet is used as a proxy network, potentially offered as an anonymization service."
