White-hat Botnet Infects, Then Secures IoT Devices

[Symantec] reports that Hajime appears to be a white-hat worm: it spreads over telnet, but instead of doing anything malicious it locks down the IoT devices it infects.

[Brian Benchoff] wrote a great article about the Hajime worm just as the story broke, when it was first discovered back in October last year. At the time, it looked like the beginnings of a malicious IoT botnet out to cause some DDoS trouble. In a crazy turn of events, it now seems that the worm is actually securing devices affected by another major IoT botnet, dubbed Mirai, which has been launching DDoS attacks. More recently, a new Mirai variant has been launching application-layer attacks, since the original source code was uploaded to a GitHub account and adapted.

Hajime is a much more complex botnet than Mirai. It is controlled over a peer-to-peer network, with commands propagating from infected device to infected device, whereas Mirai uses hard-coded addresses for its command and control servers, which are a single point of failure for takedowns. Hajime also cloaks itself better, hiding itself from the list of running processes and hiding its files on the device.

The author can push a shell script to any infected machine in the network at any time, and the code is modular, so new capabilities can be added on the fly. It is apparent from the code that a fair amount of development time went into designing this worm.
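The telnet spreading described above leaves a recognisable pattern in a device's or honeypot's login log: one source cycling through several distinct factory-default username/password pairs within a few seconds, sometimes followed by a success. The Python below is an added example that flags that pattern; it is not code from the article, from Symantec or from Hajime or Mirai themselves. The log format (`telnetd[pid]: login from IP user=... pass=... result=ok|fail`) and the sample lines are constructed for the example, so a real busybox login or honeypot log will need its own regular expression.

```python
"""Flag Mirai/Hajime-style telnet credential spraying in a login log.

Added example, not code from the article or from either worm. Both worms
propagate by scanning for open telnet and trying a short list of factory
defaults, so one source trying several distinct credentials inside a short
window is the thing to alert on; a success from such a source means the
device most likely now belongs to a botnet.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple

# Assumed log format (constructed for this example): a honeypot-style line
# that records the credential pair and the outcome of each telnet login.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) telnetd\[\d+\]: "
    r"login from (?P<ip>[\d.]+) user=(?P<user>\S+) pass=(?P<pw>\S*) "
    r"result=(?P<res>ok|fail)$"
)

# Constructed sample log. 203.0.113.7 sprays five defaults in five seconds and
# gets in; 198.51.100.20 is an operator mistyping once; 192.0.2.9 tries four
# passwords but an hour apart, so it never fills a 60-second window.
SAMPLE_LOG = """\
2017-04-18T02:11:01 telnetd[812]: login from 203.0.113.7 user=root pass=xc3511 result=fail
2017-04-18T02:11:02 telnetd[812]: login from 203.0.113.7 user=root pass=vizxv result=fail
2017-04-18T02:11:03 telnetd[812]: login from 203.0.113.7 user=admin pass=admin result=fail
2017-04-18T02:11:04 telnetd[812]: login from 203.0.113.7 user=root pass=888888 result=fail
2017-04-18T02:11:05 telnetd[812]: login from 203.0.113.7 user=root pass=default result=ok
2017-04-18T02:12:00 cron[40]: job ran
2017-04-18T02:20:30 telnetd[812]: login from 198.51.100.20 user=admin pass=wrong result=fail
2017-04-18T02:20:45 telnetd[812]: login from 198.51.100.20 user=admin pass=correct-horse result=ok
2017-04-18T02:30:00 telnetd[812]: login from 192.0.2.9 user=root pass=a result=fail
2017-04-18T03:30:00 telnetd[812]: login from 192.0.2.9 user=root pass=b result=fail
2017-04-18T04:30:00 telnetd[812]: login from 192.0.2.9 user=root pass=c result=fail
2017-04-18T05:30:00 telnetd[812]: login from 192.0.2.9 user=root pass=d result=fail
"""


class Event(NamedTuple):
    ts: datetime
    ip: str
    user: str
    pw: str
    ok: bool


def parse(log_text: str) -> List[Event]:
    """Turn matching lines into Event records; unrelated syslog lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["ip"],
                                m["user"], m["pw"], m["res"] == "ok"))
    return events


def find_sprayers(events: List[Event], window: timedelta = timedelta(seconds=60),
                  min_distinct: int = 4) -> Dict[str, dict]:
    """Flag sources that try at least min_distinct distinct credentials inside window.

    Returns {ip: {"first_seen", "credentials_tried", "compromised"}}; a flagged
    source that ever logged in successfully is marked compromised.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)

    findings: Dict[str, dict] = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        recent = deque()                      # events inside the sliding window
        for e in evs:
            recent.append(e)
            while e.ts - recent[0].ts > window:
                recent.popleft()              # drop events older than the window
            tried = {(x.user, x.pw) for x in recent}
            if len(tried) >= min_distinct:
                f = findings.setdefault(ip, {"first_seen": recent[0].ts,
                                             "credentials_tried": set(),
                                             "compromised": False})
                f["credentials_tried"] |= tried
        if ip in findings and any(e.ok for e in evs):
            findings[ip]["compromised"] = True
    return findings


if __name__ == "__main__":
    for ip, f in find_sprayers(parse(SAMPLE_LOG)).items():
        status = "COMPROMISED" if f["compromised"] else "spraying"
        print(f"{ip}: {status}, {len(f['credentials_tried'])} credentials "
              f"tried starting {f['first_seen']}")
```

The window and threshold are the knobs worth tuning: worm scanners run through their whole list in seconds, while a human fat-fingering a password produces two or three attempts with gaps. A flagged source plus a success means the device is already someone's bot, and the fix is the same one Hajime is apparently applying for its owners: change the default credentials and stop exposing telnet to the internet at all.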

So where is this all going? So far this is beginning to look like a cyber battle of Good vs Evil. Or it’s a turf war between rival cyber-mafias. Only time will tell.

RIAA pays out $108,000 to P2P lawsuit defendant


[Tanya Andersen], the defendant in Atlantic v. Andersen, has finally been paid $107,951 in reimbursement of her legal fees. The RIAA's lawyers had appealed to have the amount reduced, originally offering $30,000 and then $60,000, but [Andersen]'s lawyers convinced the judge to uphold the six-figure sum.

This is a significant setback for industry lawyers, who have been criticized for discovery techniques of questionable legality and for overly litigious strategies designed to force defendants to settle. Sadly, though, the payout only covers [Andersen]'s legal fees and offers no compensation for damages, but a counter-suit filed in Portland, Oregon seeks exactly that. Here's hoping her lawyers [Lory Lybeck] and [Ben Justus] continue to set favorable legal precedents for the defendants of these lawsuits.

As far as the technical side of the discovery methods goes, there are many ways to keep the RIAA off your back. The simplest is to disable your P2P client's shared file listing or to turn off outbound traffic altogether. Other options are to use encryption (although this is usually done to get around ISP blocks) or to download to an offsite machine. Hopefully, though, this judgment and eventual payout will make the recording companies reconsider the number of lawsuits they file and use less aggressive legal tactics.

Botnet attack via P2P software


P2P networks have long been a legal gray area, used for various spam schemes, illegal filesharing, and lots and lots of adware. Last year, though, the first botnet created by a worm distributed via P2P software surfaced, the work of 19-year-old [Jason Michael Milmont] of Cheyenne, Wyoming, who distributed his Nugache worm by offering free downloads of the P2P app LimeWire with the worm embedded. He later began distributing it using bogus MySpace and Photobucket links shared via chats on AOL Instant Messenger. The strategy proved effective, as the botnet peaked at around 15,000 bots. [Milmont] has pleaded guilty to the charges against him. Per his plea agreement, he will pay $73,000 in restitution and may serve up to five years in prison.

OiNK uploaders’ bail extended


The six people arrested by British authorities for uploading files to the OiNK torrent tracker, all out on bail, have had their bail periods extended. Charged with conspiracy to defraud the music industry, the woman and five men, as well as OiNK operator [Alan Ellis], have been ordered to report to the police on July 1st, where their bail will be formally extended for another 27 days. According to TorrentFreak, sources close to the case believe that the police are still building their criminal case, which accounts for the bail extensions. They could still face civil claims, but current British law cannot prosecute individuals for illegal filesharing unless it is done for profit.