HEH botnet removes data from routers, servers and IoT devices!

Recently, security researchers at Netlab (the network security division of Chinese technology giant Qihoo 360) discovered a new botnet called HEH, which contains code that can remove all data from infected systems such as routers, servers and IoT (Internet of Things) devices. The HEH botnet spreads through brute-force attacks against any internet-connected system that has its SSH ports (23 and 2323) exposed on the internet.

If the device uses default SSH credentials or SSH credentials that are easy to guess, the botnet gains access to the target system, where it instantly downloads one of the seven binary archives that install the HEH malware. This malware does not have “aggressive” features, such as the ability to execute DDoS attacks, the ability to install crypto-miners, or code to run proxies.
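A defender can check whether a Linux-based device listens on the two ports named above on a network-facing address. The following is an added example, not code from the article or from Netlab; the function names and the sample socket table are constructed for illustration, and it covers IPv4 on little-endian hosts only.

```python
"""Flag network-facing listeners on the ports named in the article (23, 2323)."""
import ipaddress
import socket
import struct

WATCHED_PORTS = {23, 2323}   # ports taken from the article
TCP_LISTEN = "0A"            # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0913 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0101A8C0:0913 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0101A8C0:0017 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1005
"""


def parse_endpoint(field):
    """Decode 'HEXIP:HEXPORT' as printed by the kernel on a little-endian host."""
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def exposed_listeners(table_text):
    """Return sorted (ip, port) pairs listening on a watched port off-loopback."""
    findings = []
    for line in table_text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:    # ignore non-listening sockets
            continue
        ip, port = parse_endpoint(cols[1])
        if port in WATCHED_PORTS and not ipaddress.ip_address(ip).is_loopback:
            findings.append((ip, port))
    return sorted(findings)


if __name__ == "__main__":
    # On a real device, pass open("/proc/net/tcp").read() instead of the sample.
    for ip, port in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"listener on {ip}:{port} is reachable from the network")
```

A listener bound to 0.0.0.0 accepts connections on every interface, so it is reported alongside listeners bound to a specific non-loopback address.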

