Last week, Ars introduced readers to Hajime, the vigilante botnet that infects IoT devices before blackhats can hijack them. A technical analysis published Wednesday reveals for the first time just how much technical acumen went into designing and building the renegade network, which just may be the Internet's most advanced IoT botnet.
As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several, record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR, and other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems..."
A vigilante is putting a huge amount of work into infecting IoT devices | Ars Technica
As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several, record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR, and other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems..."
A vigilante is putting a huge amount of work into infecting IoT devices | Ars Technica
