[Cryptography] Anyone else seeing an uptick in infected IoT devices? New botnet?

Ray Dillinger bear at sonic.net
Tue Dec 6 13:32:06 EST 2016


In the last few weeks I've seen something close to a doubling of the
number of botnet-infected IoT devices at sites around the SF Bay Area.
Or maybe it's just a doubling of the rate at which people notice them,
I'm not sure.

Anybody else seeing this?  Is it a local effect or worldwide? Anybody
know what's infecting them?  Mostly they got noticed when people found
themselves on spam blocking lists due to spam originating at the sites.
The increase in rate of infection seems to apply only to ARM devices
but that doesn't narrow it down much.

The reason why I'm wondering if it's mainly a local effect is because
there doesn't seem to be any IP address that they're "phoning home" to
and they're not doing DNS queries for any names.  Virtually all their
Internet traffic is outbound.  I don't see any inbound channel big
enough to be domain or email address lists, and they go silent if
powered up at a different location unless that location is also
infected. I'm wondering if the control channel (and possibly the
infection vector) is wi-fi. Commands jumping between local networks by
wi-fi would spread in most urban areas because most places have a dozen
overlapping wi-fi networks and wi-fi security is crap. But if so then
control would be local to a metro area.

					Bear
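
Added example, not part of the original post: a sketch of how the traffic pattern described above (spam leaving the site, no DNS lookups, almost nothing inbound) could be picked out of flow records on a site's gateway. The record layout, the 192.168.1.0/24 subnet, the use of port 25 as the spam indicator, the thresholds and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not from the post): src, dst, dst_port, bytes_out, bytes_in
SAMPLE_FLOWS = [
    ("192.168.1.20", "198.51.100.7", 25, 48000, 900),
    ("192.168.1.20", "203.0.113.15", 25, 51000, 850),
    ("192.168.1.20", "203.0.113.80", 25, 47500, 910),
    ("192.168.1.30", "192.168.1.1", 53, 120, 300),
    ("192.168.1.30", "198.51.100.25", 587, 9000, 4000),
    ("192.168.1.40", "192.168.1.1", 53, 90, 250),
    ("192.168.1.40", "203.0.113.99", 443, 3000, 250000),
]

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed local subnet


def profile_hosts(flows, lan=LAN):
    """Aggregate per-LAN-host counters from flow records."""
    stats = defaultdict(lambda: {"smtp_dsts": set(), "dns": 0, "out": 0, "in": 0})
    for src, dst, dport, b_out, b_in in flows:
        if ipaddress.ip_address(src) not in lan:
            continue
        s = stats[src]
        if dport == 53:
            s["dns"] += 1
            continue  # resolver traffic is counted, but kept out of the byte ratio
        if ipaddress.ip_address(dst) in lan:
            continue  # only Internet-bound traffic feeds the ratio
        s["out"] += b_out
        s["in"] += b_in
        if dport == 25:
            s["smtp_dsts"].add(dst)
    return stats


def suspects(flows, min_smtp_dsts=3, min_ratio=10.0):
    """Hosts mailing several external servers with no DNS lookups and mostly outbound bytes."""
    flagged = []
    for host, s in profile_hosts(flows).items():
        ratio = s["out"] / max(s["in"], 1)
        if len(s["smtp_dsts"]) >= min_smtp_dsts and s["dns"] == 0 and ratio >= min_ratio:
            flagged.append((host, len(s["smtp_dsts"]), round(ratio, 1)))
    return sorted(flagged)


if __name__ == "__main__":
    for host, dsts, ratio in suspects(SAMPLE_FLOWS):
        print(f"{host}: {dsts} SMTP destinations, no DNS, out/in ratio {ratio}")
```

A device that resolves names before connecting, or that receives far more than it sends, is not flagged; only the combination of the three signals is.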
