Just saw this posted here yesterday: <a href="https://news.ycombinator.com/item?id=5395009" rel="nofollow">https://news.ycombinator.com/item?id=5395009</a><p>Interestingly, I fell for the sensationalist headline of the Register instead of clicking the original HN link entitled "Port scanning /0 using insecure embedded devices" (which I saw and ignored).<p>I wonder if it will be the same here on HN!
Jesus. If getting that many bots in an evening is so easy, it's a wonder bot herders spend so much effort on exploiting vulnerabilities in apps or engaging in phishing. Granted, Linux boxes probably aren't going to have the banking or email info you could grab off a Windows machine, but at the very least you could generate a decent number of bitcoins for very little effort. Actually, for that matter, 420k bots could launch a pretty nasty DDoS were the herder so inclined. That's enough firepower to take out some fairly large services, which I'm sure someone would be willing to pay for.
This has to be some of the best research done on the public Internet itself in the past 10 years. I'm not sure what I'm going to try to do with the dump of data, but I can't imagine not finding something to extract from the ~600GB.<p>Highly illegal, yet highly intriguing that building a 400k+ node botnet is this damn simple.
I predict more and more "interesting research" will be done anonymously, like this. This time it was blatantly illegal, but simply releasing security vulnerabilities, if you're not willing to comply fully with a vendor's requests, might be prudent to do anonymously as well.
This speaks to Internet scale and the vast problems of security we shall face in the coming decades.<p>I mean, rtm's Internet worm was supposed to be the great wake-up call, and thirty years later, look!
<i>After releasing the code overnight the report's writer found 420,000 suitable botnet endpoints ... The botnet was able to spread quickly and efficiently just using the four login combinations and was soon reporting back in healthy numbers.</i><p>That doesn't actually say he infected 420,000 machines, does it?
Github repository which includes the raw data dump: <a href="https://github.com/InternetCensus2012/InternetCensus2012" rel="nofollow">https://github.com/InternetCensus2012/InternetCensus2012</a>
Using the botnet to run security patches is what fascinates me.<p>> But it soon found it was getting competition from a malicious botnet dubbed Aidra and the researcher adapted the binary to block this competitor where possible[...]
Hmm... I wonder if this has anything to do with <a href="https://factorable.net/weakkeys12.extended.pdf" rel="nofollow">https://factorable.net/weakkeys12.extended.pdf</a>
Thanks for the list of 1.3 billion potentially in-use IP addresses! I had to spend USD 15 to run 8 medium EC2 instances for 16 hours to find only 200+ million hosts.
This bit is much more interesting: <a href="http://seclists.org/fulldisclosure/2013/Mar/166" rel="nofollow">http://seclists.org/fulldisclosure/2013/Mar/166</a>
> <i>A reboot of the infected system would wipe the binary completely and...</i><p>Why in the heavens would you reboot obviously badly administered machines quite literally halfway across the globe if you otherwise took every initiative not to harm the target machines and to keep your footprint as small as possible (lowest possible priority, watchdog)? Killing the process and removing the files should have been more than enough, and you just don't know what a reboot could do to these systems, regardless of how much the admins of those machines are to blame.