HEH is a botnet newly discovered by security researchers from Netlab, the network security division of Chinese tech giant Qihoo 360. Because HEH is relatively new, the researchers at Netlab can’t tell whether its device-wiping operation was created intentionally or whether its self-destruction routine is just not sufficiently developed. While its true purpose is still unknown, if such a feature is triggered, it could result in hundreds or thousands of bricked and non-functioning IoT devices. The article below tells the full story of what the researchers know at this point.
A newly discovered botnet contains code that can wipe all data from infected systems, such as routers, servers, and Internet of Things (IoT) devices.
Named HEH, the botnet spreads by launching brute-force attacks against any internet-connected system that has its Telnet ports (23 and 2323) exposed online.
If the device uses default or easy-to-guess Telnet credentials, the botnet gains access to the system, where it immediately downloads one of seven binaries that install the HEH malware.
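A defender's view of the spreading behaviour described above, as an added example that is not part of the original article or of Netlab's research: it flags sources that make repeated connection attempts to Telnet ports 23 and 2323 within a short window. The iptables-style log format with an ISO timestamp prefix, the sample lines, the threshold, the window and the function name are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TELNET_PORTS = {23, 2323}  # the two ports the article says HEH brute-forces
LINE_RE = re.compile(r"^(?P<ts>\S+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
                     r".*?PROTO=TCP .*?DPT=(?P<dpt>\d+)")

# Constructed sample (documentation addresses, assumed log layout).
SAMPLE_LOG = """\
2020-10-07T03:00:00 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40110 DPT=23 SYN
2020-10-07T03:00:05 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40111 DPT=2323 SYN
2020-10-07T03:00:10 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP SPT=40112 DPT=23 SYN
2020-10-07T03:00:15 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP SPT=40113 DPT=2323 SYN
2020-10-07T03:00:20 gw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=23 SYN
2020-10-07T03:00:30 gw kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=23 SYN
2020-10-07T03:10:30 gw kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=23 SYN
2020-10-07T03:01:00 gw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=443 SYN
"""

def find_telnet_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src: {"peak_attempts": n, "targets": [...]}} for every source
    with at least `threshold` Telnet attempts inside any sliding `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["dpt"]) not in TELNET_PORTS:
            continue  # unparseable line or not a Telnet port
        events[m["src"]].append((datetime.fromisoformat(m["ts"]), m["dst"]))

    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = peak = 0
        for end in range(len(hits)):
            # Shrink the window until it spans at most `window` of time.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = {"peak_attempts": peak,
                            "targets": sorted({dst for _, dst in hits})}
    return flagged

if __name__ == "__main__":
    for src, info in find_telnet_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

A source that trips this check against devices still using default Telnet credentials is the scenario the article describes; closing ports 23 and 2323 to the internet removes the exposure the botnet depends on.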