All Software on this site is 'freeware' and is offered to your 'as is' with no warrenties whatsoever.
19th July 2018  
 

About


Home
News
Contact (Email)
Forums

SOFTWARE
TotalSpoof
UPExtractor
FileRename
Pix Viewer
iDump

Visits: 1548000


News Updates


13/05 The revolutionary HNS botnet
03/11 Lazaru Hackers Used Hermes Ransomware to Cover over Big Bank Heist
07/06 iDump Build 29 Released
29/07 New Server
23/06 iDump Update Build24
01/01 iDump Update v1.1.0
08/10 iDump Update v1.0.8

Google
WWW CodersHole.com

You'll find what you need here

 

The revolutionary HNS botnet
posted date: 13/05/2018
 

Botnets are large networks of enslaved, remotely controlled devices that cybercriminals can use for various malicious purposes. Some common uses cases include spam campaigns and distributed denial-of-service (DDoS) attacks, to name few. Over time, botnets underwent an evolution to align with the rapid technological progress. The relatively new one referred to as HNS (Hide and Seek) appears to be one of a kind as it boasts revolutionary communication and persistence features.

The malware underlying HNS was originally spotted on January 10, 2018. It acted in a unique way from the get-go, targeting online-accessible IoT (Internet of Things) devices rather than regular PCs. The worst part is that the strain perseveres on compromised smart gadgets even after a reset.

HNS botnet heatmap

It used to be that resetting a hacked device, that is, cleaning its flash memory would wipe any malware from it. With this cutting-edge infection, though, the onslaught continues regardless. This is because its payload ends up in /etc/init.d/, a directory that hosts critical operating system scripts and remains unaltered even after an IoT device has been rolled back to its factory settings.

One more trait of the Hide and Seek botnet malware is that it leverages a custom P2P protocol to communicate with the zombie systems. This characteristic, along with the use of catalogued firmware exploits, make the culprit a highly toxic contagion. On the one hand, it can harness software vulnerabilities to infect new IoT objects. On the other, it can also instruct these devices to scan for counterparts with vulnerable Telnet port, just to access these systems using default credentials. The latest edition of HNS supports a dozen of different types of IoT devices.

Some good news, though, is that the HNS botnet is reportedly incapable of orchestrating DDoS incursions at this point. Another noteworthy fact is that the above-mentioned boot persistence feature only applies if the contamination takes place via Telnet port. One way or another, this botnet is shaping up to be a new big player on the cybercrime landscape.

[back to News updates]

Problems with the site then report it here.