Skip to main content

Security firm Incapsula discovers massive botnet, spans 109 countries worldwide

Image used with permission by copyright holder
According to a new report from the internet security firm Incapsula, a massive botnet spanning 109 different countries around the world has been tearing its way through SOHO (small office/home office) routers since December of last year.

Set up as a network of devices ready to respond to any DDoS operations its masters might need to launch, the spread of the infection started with the notorious “Spike” malware variant, which has since morphed into what Incapsula refers to as “MrBlack”.

Recommended Videos

MrBlack is a tool which works by first infecting the device of a user who has left their router security credentials as the default option for remote administration. We spoke about this issue briefly in the last edition of Decrypt This, wherein consumers will keep the username/password combo to get into their home router as “admin” and “password”, respectively. The botnet seeks out any routers tagged with these credentials, and after automatically accessing the hub, will infect the network and lie in wait for its next command.

Please enable Javascript to view this content

“After inspecting a sample of 13,000 malware files, we saw that on average, each compromised router held four variants of MrBlack malware, as well as additional malware files, including Dofloo and Mayday, which are also used for DDoS attacks,” said the report’s author.

For now, the hardest hit by the attack are routers made by the little-known company Ubiquiti. The company is primarily concerned with providing bulk network hub solutions that ISPs can lease out to customers on a month-to-month basis, and its involvement just goes to show that as the router industry moves more toward homogeneity and away from specific innovations, the threat to our information and identities becomes greater than ever before.

Incapsula’s investigation into the source of the problem uncovered that about 85% of the devices affected by the problem reside in either Thailand or Brazil, while 21% of the command-and-control servers are located in the United States. Though there’s no hard evidence to make a connection just yet, Incapsula says there has been an increased amount of chatter in a known Anonymous hangout about the botnet, as well as rumblings on Lizard Squad’s Twitter page about a revival of their older Stresser tool.

“Based on the profile of targets and the attack patterns, we know these compromised routers are being exploited by several groups or individuals. For instance, our analysis also shows that several of these malware variants are reporting to AnonOps IRC channel, indicating that Anonymous [could be] one of the groups responsible for exploiting these under-protected devices,” read the report.

These frayed links have leads researchers to believe that even if the two groups aren’t directly involved, they’re still interested in emulating the techniques used by its true perpetrator.

We’ll be keeping a close eye on this botnet as more details about its proliferation surface, so stay tuned to Digital Trends for all the latest updates.

Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
ChatGPT’s new Pro subscription will cost you $200 per month
glasses and chatgpt

Sam Altman and team kicked off the company's "12 Days of OpenAI" event Thursday with a live stream to debut the fully functional version of its 01 reasoning model, as well as a new subscription tier called ChatGPT Pro. But to gain unlimited access to these new features and capabilities, you're going to need to shell out an exorbitant $200 per month.

The 01 model, originally codenamed Project Strawberry, was first released in September as a preview, alongside a lighter-weight o1-mini model, to ChatGPT-Plus subscribers. o1, as a reasoning model, differs from standard LLMs in that it is capable of fact-checking itself before returning its generated response to the user. This helps such models reduce their propensity to hallucinate answers but comes at the cost of a longer inference period and slower response.

Read more
Surface Pro alternative: This Asus Chromebook is another $70 off today
A man holding the Asus Chromebook CM3001 Laptop.

While fast and powerful CPUs and GPUs go a long way with a desktop or laptop, not every PC needs to be a workhorse. Some folks only need a computer for basic web browsing or watching the occasional HD movie or show. That’s why we’re always on the lookout for great Chromebook deals. These Chrome OS machines are just strong enough to deliver a notch above the basics, and today, we found an excellent discount on an Asus Chromebook. For a limited time, when you purchase the Asus Chromebook CM3001 Laptop at Best Buy, you’ll only pay $230. At full price, this model sells for $300.

Why you should buy the Asus CM3001 Laptop
From its convenient 2-in-1 design (check out our list of the best 2-in-1 deals) to its beautiful 10.5-inch 1920 x 1200 touchscreen (WUXGA), the CM30 is a laptop you’ll have zero issues taking just about anywhere. Its light form factor is a huge plus, and when closed, the CM30 is only 0.67 inches thick! And while we’re not dealing with Intel or AMD for internals, the onboard MediaTek Kompanio 520 CPU runs and smooth and efficient ship. It's also a great Surface Pro alternative, for those tiring of the Windows way.

Read more
Get Copilot+ features for less with this Asus laptop deal
An Asus ProArt P16 laptop on a white background.

One of the best laptop deals right now is perfect for anyone who is seeking a Copilot PC. If you’re looking to enjoy AI features, check out the Asus ProArt P16 laptop which is $200 off at Best Buy. The laptop normally costs $1,900 but right now, you can buy it for $1,700. A high-end productivity-focused laptop which also packs a punch for some gaming too, this is an ideal workhorse of a PC. Here’s all you need to know about it alongside some insight into the wonders of Copilot.

Why you should buy the Asus ProArt P16 laptop
Asus features in our look at the best laptop brands thanks to the company being great at developing all-rounder laptops. The Asus ProArt P16 laptop is one such highlight. It has an AMD Ryzen AI 9 HX 370 CPU, 32GB of memory, 1TB of SSD storage, and an Nvidia GeForce RTX 4060 GPU.

Read more