By
Catalin Cimpanu
Researchers from Chinese security firm Qihoo 360 Netlab and Israeli security firm Check Point have spotted and analyzed the botnet as it continued to grow during the past month.
Both companies say the botnet uses some code from the Mirai IoT malware, but there are also many new things that make the botnet a standalone threat in its own right.
The biggest difference between Reaper and Mirai is its propagation method. Mirai scanned for open Telnet ports and attempted to log in using a preset list of default or weak credentials.
Reaper does not rely on a Telnet scanner, but primarily uses exploits to forcibly take over unpatched devices and add them to its command and control (C&C) infrastructure.
Netlab says that Reaper, at the time of writing, primarily uses a package for nine vulnerabilities: D-Link 1, D-Link 2, Netgear 1, Netgear 2, Linksys, GoAhead, JAWS, Vacron, and AVTECH. Check Point also spotted the botnet attacking MicroTik adn TP-Link routers, Synology NAS devices, and Linux servers.
full read here:
Take a look at the best antivirus, anti-malware, anti-spy, etc. software
Powered by WPeMatico