Hajime, Yet Another IoT Botnet

Following on the heels of Mirai, a family of malware exploiting Internet of Things devices, [Sam Edwards] and [Ioannis Profetis] of Rapidity Networks have discovered a malicious Internet worm dubbed Hajime which targets Internet of Things devices.

Around the beginning of October, news of an IoT botnet came forward, turning IP webcams around the world into a DDoS machine. Rapidity Networks took an interest in this worm, and set out a few honeypots in the hopes of discovering what makes it tick.

Looking closely at the data, there was evidence of a second botnet that was significantly more sophisticated. Right now, they’re calling this worm Hajime.


Single Motor Lets This Robot Do the Worm

With more and more research in the field of autonomous robotics, new methods of locomotion are coming on the scene at a rapid pace. Forget wheels and tracks, forget bi-, quad-, hexa- and octopods, and forget fancy rolling BB-8 clones. If you want to get a mini robot moving, maybe you should teach it to do the worm.

Neither the Gizmodo article nor the abstract of [David Zarrouk]’s paper gives too many details on the construction of this vermiform robot, but there are some clues to be gleaned from the video below. At the 1:41 mark we see the secret of the design – a long corkscrew in the center of the 3D-printed linkages.

Robot Does the Worm to Get Around

Walking, jumping, rolling, flying, swimming – robotic locomotion is limited only by the imagination of the inventor. [Roger Rabbit] apparently has a pretty vivid imagination, because he’s building robots that move like worms.

Version 1 of [Roger]’s robot is only semi-vermiform and is more of a tube climber. It has a pair of 3D-printed pantographs that expand and contract with servos and move along the robot’s axis on a stepper-driven lead screw. An Arduino reads sensors and coordinates the expansion of the pantographs to grip the internal diameter of a pipe and push the worm-bot along. It’s a slow but effective way to get around in the limited confines of a pipe.

The next iteration, dubbed [Wolly], is much more worm-like and not restricted to pipe-running. It has four expandable triangular frames connected to each other with rack-and-pinion backbones. The first frame contracts, the racks push it forward, it expands, the next contracts, and soon it’s doing the worm across the floor. Still slow, but pretty neat to watch, and you can see how it can be steered. It might even be able to roll around its long axis, and it’d make a decent tube climber as well.

This creepy autonomous worm-bot seems very similar to [Wolly], but aside from that we haven’t covered too many robots like these. There’s a lot of thought and effort in these worm-bots, and we’re keen to see where [Roger] takes this unique robot body plan.


Best robot demos from ICRA 2013


The 2013 IEEE International Conference of Robotics and Automation was held early in May. Here’s a video montage of several robots shown off at the event. Looks like it would have been a blast to attend, but at least you can draw some inspiration from such a wide range of examples.

We grabbed a half-dozen screenshots that caught our eye. Moving from the top left in clockwise fashion we have a segmented worm bot that uses rollers for locomotion. There’s an interesting game of catch going on in the lobby with this sphere-footed self balancer. Who would have thought about using wire beaters as wheels? Probably the team that developed the tripod in the upper right. Just below there’s one of the many flying entries, a robot with what looks like a pair of propellers at its center. The rover in the middle is showing off the 3D topography map it creates to find its way. And finally, someone set up a pool of water for this snake to swim around in.


Careless with your Jailbreak? You’ll get Rickrolled


Here’s further proof that you should understand what it is you’re doing when you go to hack your handheld. Jailbreaking an iPhone has been made quite easy to the point that a lot of folks do it without reading any of the accompanying documentation. Those who didn’t heed the warning to change the default SSH password on a Jailbroken phone might get a bit of a surprise. A worm has been unleashed that finds Jailbroken iPhones and changes the background image to a picture of [Rick Astley]. That’s right, they’ve been Rickrolled.

It’s a clever little devil that propagates by grabbing the IP address of the iPhone it is currently on, then testing all of the IP addresses in that family to find other devices using the default password. Luckily this worm’s activities are not what we’d call malicious. It doesn’t format the root or create a cell-based botnet (that we know of). This would be akin to the antics of searching Google for unprotected installations of MythWeb and setting some poor schmuck’s MythTV to record every infomercial ever. The point is, this could have been a lot worse, but the attack is predicated on stupidity. In our digital age, why are people leaving default passwords in place?

Containing Conficker


With all the noise about Conficker turning your computer into liquid hot magma on April 1st, there’s actually some positive news. Researchers from the HoneyNet Project have been following the worm since infections started in late 2008. They recently discovered an easy way to identify infected systems remotely. Conficker attempts to patch the MS08-067 vulnerability during infection. A flaw in the patch causes the machine to respond differently than both an unpatched system and an officially patched system. Using this knowledge, the team developed a proof-of-concept network scanner in Python to find infected machines. You can find it in [Rich Mogull]’s initial post. [Dan Kaminsky] has packaged it as an EXE and has instructions for how to build the SVN version of Nmap, which includes the new signature. Other network scanner vendors are adding the code as well.

In conjunction with this detection code, the team has also released the whitepaper Know Your Enemy: Containing Conficker. It discusses ways to detect, contain, and remove Conficker. They’ve combined this with a tool release that covers Conficker’s dynamic domain generation among other things.

Botnet attack via P2P software

P2P networks have long been a legal gray area, used for various spam schemes, illegal filesharing, and lots and lots of adware. Last year, though, the first botnet created by a worm distributed via P2P software surfaced. It was the work of 19-year-old [Jason Michael Milmont] of Cheyenne, Wyoming, who distributed his Nugache Worm by offering free downloads of the P2P app Limewire with the worm embedded. He later began distributing it using bogus MySpace and Photobucket links shared via chats on AOL Instant Messenger. The strategy proved effective, as the botnet peaked with around 15,000 bots. [Milmont] has pleaded guilty to the charges against him. Per his plea agreement, he will pay $73,000 in restitution and may serve up to five years in prison.