
Researcher Maps Internet Using Illegal Botnet Study

This article is over 11 years old and may contain outdated information

According to an anonymous report, some of the internet’s most frequent security risks include unsecured modems, routers, and printers.

When browsing the internet, it’s always wise to take precautions to protect yourself from malware. Being careful which links you click and having complex passwords are great first steps, but no matter what you do, it seems like viruses keep finding ways to slip through the cracks. According to an anonymous report published online, a hacker has analyzed those cracks with a botnet that probed the entire internet for nine straight months. If the report is authentic, then it would be one of the most comprehensive surveys of internet security ever devised, while ironically being among its biggest breaches.

To his credit, the anonymous researcher seems to have used the botnet, named Carna, solely to contact IP addresses for propagation. “Our binaries were running with the lowest possible priority and included a watchdog that would stop the executable in case anything went wrong,” the author writes. “We used the devices as a tool to work at the Internet scale. We did this in the least invasive way possible and with the maximum respect to the privacy of the regular device users.”

According to the report, Carna attempted regular contact with 4 billion IP addresses from March to December 2012. Each time Carna encountered a device without account credentials (or one that used passwords like “root” or “admin”), it copied itself until the botnet was scanning from nearly 420,000 devices. The attached image shows Carna’s client distribution during the study period, where it was primarily installed on devices in the US, Europe, and Asia. All told, Carna reportedly discovered a total of 1.3 billion IP addresses. From those, Carna received responses from 420 million, not counting another 36 million with open ports. Of the unsecured devices, most appeared to house operating systems never intended for internet communication, such as modems, routers, and printers.

“A lot of devices and services we have seen during our research should never be connected to the public Internet at all,” Carna’s creator writes. “As a rule of thumb, if you believe that ‘nobody would connect [that] to the Internet, really nobody,’ there are at least 1,000 people who did. Whenever you think ‘that shouldn’t be on the Internet but will probably be found a few times’ it’s there a few hundred thousand times. Like half a million printers, or a million Webcams, or devices that have root as a root password.”

Thanks to the anonymous nature of the report, it’s very difficult to verify Carna’s findings without sifting through large portions of the data. That said, the results seem largely consistent with a smaller authorized study by HD Moore, especially with regard to botnet installations on embedded devices. Thankfully, the researcher seems to have good intentions, even repurposing Carna to delete hostile malware it encountered. Still, given how effectively Carna spread, it’s probably a good idea to get that printer of yours behind a firewall when you have a chance.

Source: Internet Census 2012, via Ars Technica
