Brand new IoT Botnet threatens the Internet

by Tomas Statkus - -

Do you remember Mirai? Mirai is the largest IoT malware which launched DDoS attacks and caused massive Internet blackouts just a year ago. However, even though Mirai was stopped, the new-rapidly growing IoT-based botnet was detected by security researchers at Qihoo 360.[1]

IoT reaper botnet

The new botnet was uncovered in September and was named IoT_reaper.

IoT_reaper does not crack passwords anymore, but exploits exposures and vulnerabilities in IoT devices then turns them into part of the malicious botnet.

A range of routers, cameras and NVR manufacturers with revealed vulnerabilities is targeted by the IoT botnet. It includes names such as Dlink, Netgreat, Jaws, Vacron, Linksys, Goahead and AVTECH.

It was announced that IoT_reaper is growing rapidly – a volume of 10,000 new infections per day; it has already compromised approximately two million IoT devices.

In comparison, Mirai blacked out DNS provider DYN by employing DDoS attacks with only 100,000 compromised devices.
In addition, IoT_reaper consists over 100 DNS open resolvers that allow the malware to launch DNS amplification attacks. Researchers at Qihoo 360 warns users and businesses:[2]

Currently, this botnet is still in its early stages of expansion. But the author is actively modifying the code, which deserves our vigilance.

At the same time, researchers at CheckPoint also warns about the threat – potentially the same botnet – IoTroop.[3]

It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organizations make proper preparations and defense mechanisms are put in place before attack strikes.

Similar to IoT_reaper, IoTroop exploits vulnerabilities in smart devices from manufacturers such as TP-Link, AVTECH, Linksys and more.

Even though the cybercriminals behind the IoT botnet are unknown, researchers expect that DDoS threat is increasing and is able to reach tens of terabits per second. In addition, security experts at CheckPoint encourage consumers to prepare for the threat:[3]

While some technical aspects lead us to suspect a possible connection to the Mirai botnet, this is an entirely new campaign rapidly spreading throughout the globe. It is too early to assess the intentions of the threat actors behind it, but it is vital to have the proper preparations and defense mechanisms in place before an attack strike.

To sum up, users should be vigilant about the security and protection of smart devices.


About the author

Tomas Statkus
Tomas Statkus - Team leader

Tomas Statkus is an IT specialist, the team leader, and the founder of He has worked in the IT area for over 10 years.

Contact Tomas Statkus
About the company Esolutions


now online
Like us on Facebook