HEH botnet can wipe your router, servers or IoT devices

New HEH botnet targeting weak telnet services

Cybersecurity researchers have discovered a new botnet called HEH. It contains code that can wipe all data from infected devices, such as routers, servers, and Internet of Things (IoT) devices.

It spreads by launching brute-force attacks against internet-connected devices that have telnet ports (23 and 2323) exposed to the network. After gaining access, it downloads one of seven binaries to install the HEH malware.

However, the HEH malware does not contain any offensive features such as launching DDoS attacks, crypto-mining, or running proxies that relay traffic for cybercriminals.

HEH botnet features

Among the features it does have are a function that enlists infected devices to carry out SSH brute-force attacks over the Internet to help grow the botnet, and a feature that lets attackers execute shell commands on the infected device. A variant of this second function runs a list of predefined shell operations that erase all partitions on the device.
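Because HEH propagates by guessing credentials on telnet (ports 23 and 2323) and SSH, the defender-side signal is a burst of failed logins from one source against those services. The following is an added example, not code from the article or from Netlab: a small detector that parses constructed auth-log lines (the `sshd` lines follow the standard OpenSSH format; the `telnetd` line format is assumed for illustration) and raises an alert when one source address accumulates a threshold of failures within a sliding time window. It also reports the usernames and ports tried, which distinguishes credential spraying from a single mistyped password.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not taken from the article. sshd lines use the real
# OpenSSH "Failed password" format; the telnetd line format is an assumption.
SAMPLE_LOG = """\
Oct 06 10:00:01 gw sshd[811]: Failed password for root from 198.51.100.7 port 51344 ssh2
Oct 06 10:00:02 gw sshd[811]: Failed password for root from 198.51.100.7 port 51345 ssh2
Oct 06 10:00:02 gw sshd[811]: Failed password for admin from 198.51.100.7 port 51346 ssh2
Oct 06 10:00:03 gw sshd[811]: Failed password for admin from 198.51.100.7 port 51347 ssh2
Oct 06 10:00:04 gw sshd[811]: Failed password for user from 198.51.100.7 port 51348 ssh2
Oct 06 10:00:05 gw sshd[811]: Failed password for pi from 198.51.100.7 port 51349 ssh2
Oct 06 10:00:10 gw sshd[812]: Accepted publickey for ops from 192.0.2.10 port 40022 ssh2
Oct 06 10:01:00 gw telnetd[920]: login failed for root from 203.0.113.5 on port 2323
Oct 06 10:01:01 gw telnetd[920]: login failed for admin from 203.0.113.5 on port 2323
Oct 06 10:01:01 gw telnetd[920]: login failed for support from 203.0.113.5 on port 2323
Oct 06 10:01:02 gw telnetd[920]: login failed for root from 203.0.113.5 on port 23
Oct 06 10:01:03 gw telnetd[920]: login failed for admin from 203.0.113.5 on port 23
Oct 06 10:30:00 gw sshd[830]: Failed password for root from 192.0.2.44 port 50000 ssh2
"""

TS = r"(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2})"
# OpenSSH failed-password line; "invalid user" appears for unknown accounts.
SSH_FAIL = re.compile(
    TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+ ssh2"
)
# Assumed telnet daemon format (hypothetical, for the constructed sample).
TELNET_FAIL = re.compile(
    TS + r" \S+ telnetd\[\d+\]: login failed for (?P<user>\S+) "
    r"from (?P<src>\S+) on port (?P<port>\d+)"
)


def parse_ts(text):
    # Syslog timestamps carry no year; relative ordering is all we need.
    return datetime.strptime(text, "%b %d %H:%M:%S")


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: summary} for sources that reach `threshold` failed
    logins within any `window`-long sliding interval."""
    events = defaultdict(list)  # src -> [(timestamp, username, dst_port)]
    for line in log_text.splitlines():
        m = SSH_FAIL.match(line)
        if m:
            events[m["src"]].append((parse_ts(m["ts"]), m["user"], 22))
            continue
        m = TELNET_FAIL.match(line)
        if m:
            events[m["src"]].append((parse_ts(m["ts"]), m["user"], int(m["port"])))

    alerts = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it covers at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = {
                    "attempts": len(evs),
                    "users": sorted({u for _, u, _ in evs}),
                    "ports": sorted({p for _, _, p in evs}),
                }
                break
    return alerts


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"brute force from {src}: {info['attempts']} failures, "
              f"users={info['users']} ports={info['ports']}")
```

Run against the sample, the detector flags the two spraying sources and ignores the single failure from 192.0.2.44; in practice the alert would feed a block list or fail2ban-style rule, and the real fix for the telnet case is to disable the service or close ports 23 and 2323 at the edge.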

The HEH botnet was discovered by Netlab security researchers. It is a relatively new threat, so there is not yet enough information to know whether the device-wiping function is routinely used. However, the researchers note that if it is used frequently, it could take hundreds or thousands of devices out of service.

It has infected all kinds of servers, routers, and IoT devices. Basically, it can infect any machine with a weakly secured SSH port.

When the partitions are erased, the device's firmware or operating system is erased with them. This would leave the device unusable at least until the firmware or operating system is reinstalled. In the worst case, it could mean the equipment stops working for good, since reinstalling the firmware may not be easy.

Netlab has reported detecting HEH samples that run on the following CPU architectures: x86 (32/64), ARM (32/64), MIPS (MIPS32 / MIPS-III), and PPC.
