HEH botnet removes data from routers, servers and IoT devices!

From en.secnews.gr

HeH botnet-data-routers, servers and IoT devices

Recently, security researchers at Netlab (the network security division of Chinese technology giant Qihoo 360) discovered a new botnet called HEH, which contains code that can remove all data from infected systems such as routers, servers and IoT (Internet of Things) devices. The HEH botnet spreads through brute-force attacks against any internet-connected system that has its SSH ports (23 and 2323) exposed on the internet.

If the device uses default SSH credentials or SSH credentials that are easy to guess, botnet gains access to the target system, where it instantly downloads one of the seven binary archives that install HEH malware . This malware does not have “aggressive” features, such as the ability to execute DDoS attacks, the ability to install crypto-miners, or code to execute proxies.

Read more…