The New HEH Botnet Infects IoT Devices And Completely Resets Them

The researchers at Netlab — the cyber and network security division of Chinese tech giant Qihoo 360 — have warned about the emergence of a new malware HEH, which infects IoT devices and can completely reset them, destroying everything, including the OS and firmware.

This botnet is as new as the virus it carries, and almost nothing is known about it except how it attacks other machines: a brute-force attack on SSH ports 23 and 2323. A brute-force attack consists of bombarding a router (or server) with requests until the right combination of login credentials is found.

If the device uses default credentials or a simple, easily guessed combination of username and password, the botnet gains access to the device, where it immediately downloads one of seven binaries and installs the HEH malware itself.

According to researchers, HEH is still a rudimentary virus, without truly offensive features such as the ability to launch DDoS attacks, install other malware to mine cryptocurrency, or route web traffic to attackers’ servers.

Instead, the malware forces affected IoT devices to attack other devices via SSH, allows attackers to execute shell commands, and exhibits destructive behavior. It can execute a list of predefined shell operations, destroy all partitions, and thereby erase all data on the device.
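The two behaviors described above (repeated login attempts against ports 23 and 2323, and infected devices turning on other devices) can both be spotted in connection records. The following is an added example, not code from Netlab or from the original article; the record format, the LAN range, the thresholds and the sample data are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

WATCHED_PORTS = {23, 2323}                          # ports named in the article
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range
FAIL_THRESHOLD = 5    # assumed: failed logins from one source per window
FANOUT_THRESHOLD = 4  # assumed: distinct targets from one local device per window
WINDOW = 60           # seconds

# Constructed sample records (not real traffic): epoch,src,dst,dport,event
SAMPLE = "\n".join(
    [f"{1000 + i * 3},203.0.113.7,192.168.1.20,23,login_fail" for i in range(5)]
    + ["1015,203.0.113.7,192.168.1.20,23,login_ok"]
    + [f"{1100 + i * 5},192.168.1.20,198.51.100.{i + 1},2323,conn" for i in range(4)]
    + ["1200,192.168.1.5,192.168.1.1,23,login_fail",   # one mistyped password
       "1210,192.168.1.5,192.168.1.1,23,login_ok",
       "1300,192.168.1.5,198.51.100.9,22,conn"])       # unrelated port, ignored

def analyze(text):
    """Return brute-forced (src, dst) pairs and local devices that are spreading."""
    fails = defaultdict(list)   # (src, dst) -> timestamps of failed logins
    fanout = defaultdict(list)  # local src -> [(timestamp, dst)]
    for line in text.strip().splitlines():
        ts, src, dst, port, event = line.split(",")
        if int(port) not in WATCHED_PORTS:
            continue
        if event == "login_fail":
            fails[(src, dst)].append(int(ts))
        if ipaddress.ip_address(src) in LOCAL_NET:
            fanout[src].append((int(ts), dst))
    brute = set()
    for pair, stamps in fails.items():
        stamps.sort()
        # Sliding window: FAIL_THRESHOLD failures within WINDOW seconds.
        for i in range(len(stamps) - FAIL_THRESHOLD + 1):
            if stamps[i + FAIL_THRESHOLD - 1] - stamps[i] <= WINDOW:
                brute.add(pair)
                break
    spreading = set()
    for src, hits in fanout.items():
        hits.sort()
        # A local device contacting many distinct hosts on the watched ports
        # in a short time is behaving like an infected, propagating node.
        for i, (t0, _) in enumerate(hits):
            if len({d for t, d in hits[i:] if t - t0 <= WINDOW}) >= FANOUT_THRESHOLD:
                spreading.add(src)
                break
    return {"brute_force": sorted(brute), "spreading": sorted(spreading)}
```

On the constructed sample, the device at 192.168.1.20 appears first as the target of a brute-force burst and then as a spreading source, which is the sequence the article describes.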

It looks like HEH is trying to self-destruct in this way, but clearing all partitions will completely erase the firmware or OS and may temporarily disable the device. Even worse, not all users will be able to reinstall the firmware on their IoT devices after such an attack, and in the end, they can simply throw away the old device and buy a new one instead.

So far, researchers have not established whether this behavior of the malware is intentional or whether the hackers simply made a mistake in the code. 

Netlab claims to have found copies of HEH that can run on x86, ARM, MIPS, and PPC devices. That covers basically everything, from normal home computers and company servers to IoT devices, that is, smart devices for home automation, smart speakers included.

Bhasker Das