Thousands of infected IoT devices used in for-profit anonymity service
Interplanetary Storm uses P2P networking, mostly in devices running Android. …
39 with 32 posters participating, including story author
Some 9,000 devices—mostly running Android, but also the Linux and Darwin operating Systems—have been corralled into the Interplanetary Storm, the name given to a botnet whose chief purpose is creating a for-profit proxy service, likely for anonymous Internet use.
The finding is based on several pieces of evidence collected by researchers from security provider Bitdefender. The core piece of evidence is a series of six specialized nodes that are part of the management infrastructure. They include a:
- proxy backend that pings other nodes to prove its availability
- proxy checker that connects to a bot proxy
- manager that issues scanning and brute-forcing commands
- backend interface responsible for hosting a Web API
- node that uses cryptography keys to authenticate other devices and sign authorized messages
- development node used for development purposes
Keeping it on the down-low
Together, these nodes “are responsible for checking for node availability, connecting to proxy nodes, hosting the web API service, signing authorized messages, and even testing the malware in its development phase,” Bitdefender researchers wrote in a report published on Thursday. “Along with other development choices, this leads us to believe that the botnet is used as a proxy network, potentially offered as an anonymization service.”
It’s not the first time researchers have found botnets used to provide networks for quasi-anonymous Internet usage. Security journalist Brian Krebs has reported on them
over the years since as early as 2008. Various researchers have also documented them. One thing that Bitdefender found interesting about this time is that
Continue reading – Article source