A new type of botnet has recently been growing rapidly around the world, mainly targeting unprotected IoT devices, most of which are IP cameras.
The new botnet, named Hide'N Seek (HNS), first appeared on January 10, dropped out of sight for a few days, and returned last weekend, on the 20th, stronger than before. It has grown from the 12 devices initially infected to more than 14,000 devices today.
Not related to Mirai
Unlike the IoT botnets that have emerged in recent weeks, the HNS source code is not a modified version of the Mirai source code that was leaked online last year.
In fact, according to security researchers' investigation, the HNS botnet more closely resembles Hajime.
After the notorious Hajime botnet, HNS is the second known botnet to date with a decentralized, peer-to-peer structure. However, while Hajime's P2P (peer-to-peer) structure is built on the BitTorrent protocol, HNS has its own custom P2P communication mechanism.
Each bot holds a list of the IP addresses of other infected bots, and this list is adjusted in real time as the botnet grows.
HNS bots rely on passing instructions and commands to one another, which is similar to how P2P protocols work. The commands an HNS bot can accept include data infiltration, code execution, and interfering with the operation of other devices.
No DDoS attack capability yet
Security researchers have not yet found any DDoS attack functionality, which suggests that the HNS botnet is intended to be deployed as a proxy network.
HNS is still under development
HNS is still a newcomer in the IoT malware field and remains in a phase of constant change.
These "newborn" botnets all gradually disappear; let us pray that the author of HNS gets bored and abandons his "experiment".