HEH Botnet Description
Cybercriminals are once again going after vulnerable or unsecured Internet-of-Things (IoT) devices. While these devices host important information rarely, cybercriminals can use them for other purposes – such as executing cryptocurrency mining operations or performing Distributed-Denial-of-Service (DDoS) attacks. The latest botnet to harvest IoT devices is called the HEH Botnet, and its primary targets appear to be routers, followed closely by miscellaneous IoT devices and servers. However, the operators' goal behind the HEH Botnet is not still clear because their project appears to exhibit rather strange behavior.
The HEH Botnet is actively looking for victims by scanning the Internet for devices, which have the Telnet ports 23 and 2323 exposed. This would allow the criminals to try to brute force the correct combination of a username and password and access the compromised device. Surprisingly, the HEH Botnet operators are not using the enslaved devices to mine for cryptocurrency, perform ad-fraud, launch DDoS attacks, or any of the other activates that major botnets participate in.
The devices infected by the HEH Botnet are commanded to perform more brute-force attacks against accessible Telnet networks, therefore trying to expand the botnet's size. The botnet also can run a set of PowerShell commands serving an interesting purpose – wiping the device's partitions. Thankfully, the latter activity has not been spotted yet, so it seems to be unused. However, if HEH Botnet's creators opt to use it, they may end up disabling tens of thousands of routers and IoT devices simultaneously.
The HEH Botnet is compatible with popular CPU architectures like PPC, MIPS, ARM and x64/x86. If any of your devices are using the Telnet service on a regular basis, now it is a good time to secure it with a strong password and prevent attacks like the one the HEH Botnet executes.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to HEH Botnet may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.