A MASSIVE botnet that has been building up over the past few weeks threatens to destroy the Internet, Israeli cybersecurity experts have warned.

Botnet (English Botnet, IPA: ; comes from the words robot and network) - a computer network consisting of a certain number of hosts, with running bots - autonomous software. Most often, a bot in a botnet is a program that is hidden on devices and allowed to the attacker. Typically used for illegal or unapproved activities - sending spam, brute-forcing passwords on a remote system, denial of service attacks (DoS and DDoS attacks).

The new botnet uses all sorts of devices, including WiFi routers and webcams. Once hacked, they will collectively send bursts of data to the servers that power the Internet, causing them to crash and eventually go offline.

Around this time last year there was a similar attack caused by the Mirai botnet - it shut down the Internet on almost everything East Coast USA.

Now, however, Israeli security researchers at Check Point have discovered what they call a completely new and more sophisticated botnet, the full activity of which could cause a virtual “cyber hurricane.”

“So far we estimate that more than a million organizations have already been affected worldwide, including the US, Australia and certain areas in between. And their number is only increasing. Our research shows that we are currently experiencing a period of calm before a very big storm. The next cyber hurricane is coming soon.”

Thus, it turns out that the botnet, called Reaper by Israeli specialists, has already infected the networks of at least a million companies. The number of infected devices and computers can no longer be determined.

Using Check Point's intrusion prevention system (IPS), researchers have noticed that hackers are increasingly attempting to exploit a combination of vulnerabilities found in various smart gadgets. This is their data received during September.

And every day, malware is discovering more and more vulnerabilities in devices. This is especially true for wireless IP cameras such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others.

It became obvious that the attempted attacks came from different sources and various devices, which meant: the attack was spread by the devices themselves.

One tech site assessing the threat warns that this “reaper” will wipe out the entire Internet.

Check Point says that as we experience the "calm before the storm," companies should begin preparing early for a distributed denial of service (DDoS) attack that could potentially lock up resources.

DDoS attacks were made famous by the Lizard Squad, a cyber gang that entered the PlayStation network during Christmas 2014. They involve flooding websites or other targets with overloaded traffic, causing them to crash. Therefore, security experts of all firms and companies are asked not only to scan their networks, but also to proactively disable the maximum number of gadgets, considering them as infected.

Private device owners are encouraged to do the same, although the only thing non-technical users may notice is slower connection speeds, especially over Wi-Fi.

A MASSIVE botnet that has been building up over the past few weeks threatens to destroy the Internet, Israeli cybersecurity experts have warned.

Botnet (English Botnet, IPA:; derived from the words robot and network) is a computer network consisting of a certain number of hosts running bots - autonomous software. Most often, a bot in a botnet is a program that is hidden and accessible on devices and allowed to the attacker. Typically used for illegal or unapproved activities - sending spam, brute force passwords on a remote system, denial of service attacks (DoS and DDoS attacks).

The new botnet uses all sorts of devices, including WiFi routers and webcams. Once hacked, they will collectively send bursts of data to the servers that power the Internet, causing them to crash and eventually go offline.

Around this time last year, there was a similar attack caused by the Mirai botnet that shut down the Internet on almost the entire East Coast of the United States.

Now, however, Israeli security researchers at Check Point have discovered what they call a completely new and more sophisticated botnet, the full activity of which could cause a virtual "cyber hurricane."

"So far we estimate that around the world, including the US, Australia and certain areas in between, more than a million organizations have already been affected. And the number is only increasing. Our research shows that we are currently experiencing a period of calm before a very big storm. Next The cyber hurricane is coming soon."

Thus, it turns out that the botnet, called Reaper by Israeli specialists, has already infected the networks of at least a million companies. The number of infected devices and computers can no longer be determined.

Using Check Point's intrusion prevention system (IPS), researchers have noticed that hackers are increasingly attempting to exploit a combination of vulnerabilities found in various smart gadgets. This is their data received during September.

And every day, malware is discovering more and more vulnerabilities in devices. This is especially true for wireless IP cameras such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others.

It became obvious that the attack attempts came from different sources and different devices, which meant that the attack was spread by the devices themselves.

One tech site, assessing the threat, warns that this “reaper will decimate the entire Internet.

Check Point says that while we are experiencing the "calm before the storm," companies should begin preparing early for a distributed denial of service (DDoS) attack that could potentially lock up resources.

DDoS attacks were made famous by the Lizard Squad, a cyber gang that entered the PlayStation network during Christmas 2014. They involve flooding websites or other targets with overloaded traffic, causing them to crash. Therefore, security experts of all firms and companies are asked not only to scan their networks, but also to proactively disable the maximum number of gadgets, considering them as infected.

Private device owners are encouraged to do the same, although the only thing non-technical users may notice is slower connection speeds, especially over Wi-Fi.

A cyber hurricane is coming that could “break” the Internet

The ranks of powerful botnets for Internet of Things (IoT) devices continue to grow. Recently, a new competitor to the Mirai and Necurs botnets, called IoT_reaper, was spotted online and has grown to gigantic proportions since mid-September. According to researchers from Qihoo 360 Netlab and Check Point, the botnet currently includes about 2 million devices. These are mainly IP cameras, IP network video recorders and digital video recorders.

With the development of the Internet of Things (IoT), viruses are also beginning to multiply, with the help of which you can damage electronics. Moreover, the very essence of IoT presupposes the presence of many connected devices. This is an excellent “habitat” for botnets: having infected one device, the virus copies itself to all available devices.

At the end of last year, the world learned about a gigantic (almost 5 million devices) botnet consisting of routers. The German telecom giant Deutsche Telekom also encountered router hacking, whose user devices were infected with malware called Mirai. Network equipment It didn't stop there: safety problems were found in Miele smart dishwashers and AGA cookers. The “cherry on the cake” was the BrickerBot malware, which, unlike its “colleagues,” not only infected vulnerable devices, but completely disabled them.

Availability in home network A poorly configured or vulnerable IoT device can have dire consequences. One of the most common scenarios is the inclusion of a device in a botnet. This is perhaps the most harmless option for its owner; other uses are more dangerous. Thus, devices from the home network can be used as an intermediate link for committing illegal actions. In addition, an attacker who has gained access to an IoT device can spy on its owner for the purpose of subsequent blackmail - history already knows such incidents. In the end (and this is far from the worst-case scenario), the infected device may simply be broken.

Kaspersky Lab specialists previously conducted an experiment by setting up several honeypots that imitated various smart devices. Experts recorded the first attempts of unauthorized connection to them within a few seconds.

Several tens of thousands of requests were registered per day. Among the devices from which experts observed attacks, more than 63% can be identified as IP cameras. About 16% were various network devices and routers. Another 1% came from Wi-Fi repeaters, TV set-top boxes, IP telephony devices, Tor output nodes, printers, devices " smart home"The remaining 20% ​​of devices could not be clearly identified.

If you look at the geographical location of devices from whose IP addresses experts saw attacks on honeypots, you can see the following picture: the top 3 countries included China (14% of attacking devices), Vietnam (12%) and Russia (7%).

The reason for the increase in the number of such attacks is simple: the Internet of Things today is practically not protected from cyber threats. The vast majority of devices run on Linux, which makes life easier for criminals: they can write one piece of malware that will be effective against a large number of devices. In addition, most IoT gadgets do not have any security solutions, and manufacturers rarely release security updates and new firmware.

Recently it became known about the emergence of a new botnet, IoT_reaper, which has spread to approximately 2 million devices since mid-September, according to a study by Qihoo 360 Netlab and Check Point.

The malware used to create the botnet includes snippets of Mirai code, but also contains a number of new features that differentiate Reaper from its competitors, the researchers said. Its main difference lies in the distribution method. While Mirai looks for open Telnet ports and tries to compromise a device using a list of common or weak passwords, Reaper looks for vulnerabilities that could potentially infect more devices.

According to Qihoo 360 Netlab, the malware includes a scripting environment in the Lua language, which allows operators to add modules for various tasks, such as DDoS attacks, traffic redirection, etc.

Check Point experts believe that Reaper can paralyze the Internet for some time. “We estimate that more than a million organizations have already been affected by Reaper. We are now experiencing the calm before a major storm. A cyber storm will soon overtake the Internet,” Check Point said in a statement

A MASSIVE botnet that has been building up over the past few weeks threatens to destroy the Internet, Israeli cybersecurity experts have warned.

Botnet (English Botnet, IPA: ; derived from the words robot and network) is a computer network consisting of a certain number of hosts running bots - autonomous software. Most often, a bot in a botnet is a program that is hidden on devices and allowed to the attacker. Typically used for illegal or unapproved activities - sending spam, brute-forcing passwords on a remote system, denial of service attacks (DoS and DDoS attacks).

The new botnet uses all sorts of devices, including WiFi routers and webcams. Once hacked, they will collectively send bursts of data to the servers that power the Internet, causing them to crash and eventually go offline.

Around this time last year, there was a similar attack caused by the Mirai botnet that shut down the Internet on almost the entire East Coast of the United States.

Now, however, Israeli security researchers at Check Point have discovered what they call a completely new and more sophisticated botnet, the full activity of which could cause a virtual “cyber hurricane.”

“So far we estimate that more than a million organizations have already been affected worldwide, including the US, Australia and certain areas in between. And their number is only increasing. Our research shows that we are currently experiencing a period of calm before a very big storm. The next cyber hurricane is coming soon.”

Thus, it turns out that the botnet, called Reaper by Israeli specialists, has already infected the networks of at least a million companies. The number of infected devices and computers can no longer be determined.

Using Check Point's intrusion prevention system (IPS), researchers have noticed that hackers are increasingly attempting to exploit a combination of vulnerabilities found in various smart gadgets. This is their data received during September.

And every day, malware is discovering more and more vulnerabilities in devices. This is especially true for wireless IP cameras such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others.

It became obvious that the attack attempts came from different sources and different devices, which meant that the attack was spread by the devices themselves.

One tech site assessing the threat warns that this “reaper” will wipe out the entire Internet.

Check Point says that as we experience the "calm before the storm," companies should begin preparing early for a distributed denial of service (DDoS) attack that could potentially lock up resources.

DDoS attacks were made famous by the Lizard Squad, a cyber gang that entered the PlayStation network during Christmas 2014. They involve flooding websites or other targets with overloaded traffic, causing them to crash. Therefore, security experts of all firms and companies are asked not only to scan their networks, but also to proactively disable the maximum number of gadgets, considering them as infected.

Private device owners are encouraged to do the same, although the only thing non-technical users may notice is slower connection speeds, especially over Wi-Fi.

A cyber hurricane is coming that could “break” the Internet

The ranks of powerful botnets for Internet of Things (IoT) devices continue to grow. Recently, a new competitor to the Mirai and Necurs botnets, called IoT_reaper, was spotted online and has grown to gigantic proportions since mid-September. According to researchers from Qihoo 360 Netlab and Check Point, the botnet currently includes about 2 million devices. These are mainly IP cameras, IP network video recorders and digital video recorders.

With the development of the Internet of Things (IoT), viruses are also beginning to multiply, with the help of which you can damage electronics. Moreover, the very essence of IoT presupposes the presence of many connected devices. This is an excellent “habitat” for botnets: having infected one device, the virus copies itself to all available devices.

At the end of last year, the world learned about a gigantic (almost 5 million devices) botnet consisting of routers. The German telecom giant Deutsche Telekom also encountered router hacking, whose user devices were infected with a malware called Mirai. The matter was not limited to network equipment: security problems were discovered in smart Miele dishwashers and AGA cookers. The “cherry on the cake” was the BrickerBot malware, which, unlike its “colleagues,” not only infected vulnerable devices, but completely disabled them.

Having a poorly configured or vulnerable IoT device on your home network can have dire consequences. One of the most common scenarios is the inclusion of a device in a botnet. This is perhaps the most harmless option for its owner; other uses are more dangerous. Thus, devices from the home network can be used as an intermediate link for committing illegal actions. In addition, an attacker who has gained access to an IoT device can spy on its owner for the purpose of subsequent blackmail - history already knows such incidents. In the end (and this is far from the worst-case scenario), the infected device may simply be broken.

Kaspersky Lab specialists previously conducted an experiment by setting up several honeypots that imitated various smart devices. Experts recorded the first attempts of unauthorized connection to them within a few seconds.

Several tens of thousands of requests were registered per day. Among the devices from which experts observed attacks, more than 63% can be identified as IP cameras. About 16% were various network devices and routers. Another 1% came from Wi-Fi repeaters, TV set-top boxes, IP telephony devices, Tor output nodes, printers, and smart home devices. The remaining 20% ​​of devices could not be clearly identified.

If you look at the geographical location of devices from whose IP addresses experts saw attacks on honeypots, you can see the following picture: the top 3 countries included China (14% of attacking devices), Vietnam (12%) and Russia (7%).

The reason for the increase in the number of such attacks is simple: the Internet of Things today is practically not protected from cyber threats. The vast majority of devices run on Linux, which makes life easier for criminals: they can write one piece of malware that will be effective against a large number of devices. In addition, most IoT gadgets do not have any security solutions, and manufacturers rarely release security updates and new firmware.

Recently it became known about the emergence of a new botnet, IoT_reaper, which has spread to approximately 2 million devices since mid-September, according to a study by Qihoo 360 Netlab and Check Point.

The malware used to create the botnet includes snippets of Mirai code, but also contains a number of new features that differentiate Reaper from its competitors, the researchers said. Its main difference lies in the distribution method. While Mirai looks for open Telnet ports and tries to compromise a device using a list of common or weak passwords, Reaper looks for vulnerabilities that could potentially infect more devices.

According to Qihoo 360 Netlab, the malware includes a scripting environment in the Lua language, which allows operators to add modules for various tasks, such as DDoS attacks, traffic redirection, etc.

Check Point experts believe that Reaper can paralyze the Internet for some time. “We estimate that more than a million organizations have already been affected by the actions of Reaper. We are now experiencing the calm before a major storm. A cyber storm will soon overtake the Internet,” Check Point said in a statement

Among the infected devices are wireless IP cameras from GoAhead, D-Link, AVTech, Netgear, MikroTik, Linksys, Synology and others. Some companies have already released patches that eliminate most of the vulnerabilities. But consumers are not in the habit of installing security updates for devices.

01/09/2017, Mon, 13:54, Moscow time , Text: Anton Trukhanov

Apple computer users are being attacked by a new virus that causes system freezes and crashes via email or iTunes. Hackers force users to call fake technical support numbers, extorting money from them.

New virus attacks Mac

Owners of computers based on the Mac OS operating system Apple attacked by new malware, Malwarebytes reported.

The virus spreads through links to a website containing malware. As soon as a user goes to a site, links to which are often distributed through spam e-mail, a Trojan program is installed on the computer. Once installed, the malware can trigger one of two sequences of actions, depending on the user's operating system version, say security researchers at Malwarebytes.

Attacks via email and iTunes

In the first case, the virus fills the standard mail client Apple operating system with letters with the words "Warning! Virus Detected!" (“Attention! A virus has been detected!”) in the subject line of the email. Despite the absence of further actions aimed at interacting with the user, the instantaneous flow of new messages causes the computer to freeze, unable to cope with such a load.

In the second case, the virus begins to open iTunes program many times, which also leads to system crash.

Infection warning Mac computer with a recommendation to call a fake technical support phone number

Thus, experts emphasize, in both cases, malware forces the computer to fully use the available memory, just as hackers use a large number of requests to carry out DDoS attacks on websites.

Hacker scam

After causing damage to the system, the virus leaves a fake message for the user in email or iTunes player, according to which they need to call a fake Apple technical support number to solve the problem.

Experts from Malwarebytes do not say what exactly will happen if you call the number left by the attackers, but they assume that the attackers will try to force the user to pay a certain amount in order to save him from the problems caused by the virus, under the guise of Apple employees.

It is interesting that the described virus threatens only users of the Mac operating system, while versions for devices based on the related mobile OS iOS, which runs iPhone smartphones And iPad tablets, has not been noticed yet.

Experts note that this virus is very similar to similar malware for Windows, which was first noticed in November 2015. In the case of operating system Microsoft, the virus exploited a vulnerability in HTML5, attacking users through the most popular web browsers and leaving messages from fake technical support on web pages.

A new wave of ransomware virus has primarily captured Russia, also affecting companies in Turkey, Germany and Ukraine, Vyacheslav Zakorzhevsky, head of the anti-virus research department at Kaspersky Lab, told RIA Novosti.

“According to our observations, the majority of victims of the attack are in Russia. We are also seeing similar attacks in Ukraine, Turkey and Germany, but in much smaller numbers. The malware is spreading through a number of infected Russian media sites,” Zakorzhevsky said.

In his opinion, all signs indicate that this is a targeted attack on corporate networks. “Methods similar to those we observed in the ExPetr attack are used, but we cannot confirm the connection with ExPetr. We continue to investigate the situation,” the specialist added.

The Kaspersky Lab website reports that computers are being attacked by a virus called BadRabbit. For unlocking, hackers demand to pay 0.05 Bitcoin (approximately $283).

The Interfax news agency and the St. Petersburg publication Fontanka.ru previously reported cyber attacks on their websites. The Kiev metro and Odessa airport were also affected by hackers.

To protect against this attack, Kaspersky Lab recommends using updated antivirus databases, and if they are not installed, then the company’s experts advise prohibiting the execution of files such as c:\windows\infpub.dat and c:\windows\cscc.dat using system administration tools.

Previous global hacker attack using a ransomware virus hit computers around the world at the end of June. Then the virus, which Kaspersky Lab dubbed ExPetr, began to spread from Ukraine. Besides it, Italy and Israel suffered the most.

Reaper: a new virus that will bring down the entire world Internet.

A MASSIVE botnet that has been building up over the past few weeks threatens to destroy the Internet, Israeli cybersecurity experts have warned.

Botnet (English Botnet, IPA:; derived from the words robot and network) is a computer network consisting of a certain number of hosts running bots - autonomous software. Most often, a bot in a botnet is a program that is hidden and accessible on devices and allowed to the attacker. Typically used for illegal or unapproved activities - sending spam, brute force passwords on a remote system, denial of service attacks (DoS and DDoS attacks).

The new botnet uses all sorts of devices, including WiFi routers and webcams. Once hacked, they will collectively send bursts of data to the servers that power the Internet, causing them to crash and eventually go offline.

Around this time last year, there was a similar attack caused by the Mirai botnet that shut down the Internet on almost the entire East Coast of the United States.

Now, however, Israeli security researchers at Check Point have discovered what they call a completely new and more sophisticated botnet, the full activity of which could cause a virtual “cyber hurricane.”

“So far we estimate that more than a million organizations have already been affected worldwide, including the US, Australia and certain areas in between. And their number is only increasing. Our research shows that we are currently experiencing a period of calm before a very big storm. The next cyber hurricane is coming soon.”

Thus, it turns out that the botnet, called Reaper by Israeli specialists, has already infected the networks of at least a million companies. The number of infected devices and computers can no longer be determined.

Using Check Point's intrusion prevention system (IPS), researchers have noticed that hackers are increasingly attempting to exploit a combination of vulnerabilities found in various smart gadgets. This is their data received during September.

And every day, malware is discovering more and more vulnerabilities in devices. This is especially true for wireless IP cameras such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others.

It became obvious that the attack attempts came from different sources and different devices, which meant that the attack was spread by the devices themselves.

One tech site assessing the threat warns that this “reaper” will wipe out the entire Internet.

Check Point says that as we experience the "calm before the storm," companies should begin preparing early for a distributed denial of service (DDoS) attack that could potentially lock up resources.

DDoS attacks were made famous by the Lizard Squad, a cyber gang that entered the PlayStation network during Christmas 2014. They involve flooding websites or other targets with overloaded traffic, causing them to crash. Therefore, security experts of all firms and companies are asked not only to scan their networks, but also to proactively disable the maximum number of gadgets, considering them as infected.

Private device owners are encouraged to do the same, although the only thing non-technical users may notice is slower connection speeds, especially over Wi-Fi.

A cyber hurricane is coming that could “break” the Internet

The ranks of powerful botnets for Internet of Things (IoT) devices continue to grow. Recently, a new competitor to the Mirai and Necurs botnets, called IoT_reaper, was spotted online and has grown to gigantic proportions since mid-September.

According to researchers from Qihoo 360 Netlab and Check Point, the botnet currently includes about 2 million devices. These are mainly IP cameras, IP network video recorders and digital video recorders.

With the development of the Internet of Things (IoT), viruses are also beginning to multiply, with the help of which you can damage electronics. Moreover, the very essence of IoT presupposes the presence of many connected devices. This is an excellent “habitat” for botnets: having infected one device, the virus copies itself to all available devices.

At the end of last year, the world learned about a gigantic (almost 5 million devices) botnet consisting of routers. The German telecom giant Deutsche Telekom also encountered router hacking, whose user devices were infected with malware called Mirai. The matter was not limited to network equipment: security problems were discovered in smart Miele dishwashers and AGA cookers. The “cherry on the cake” was the BrickerBot malware, which, unlike its “colleagues,” not only infected vulnerable devices, but completely disabled them.

Having a poorly configured or vulnerable IoT device on your home network can have dire consequences. One of the most common scenarios is the inclusion of a device in a botnet. This is perhaps the most harmless option for its owner; other uses are more dangerous. Thus, devices from the home network can be used as an intermediate link for committing illegal actions. In addition, an attacker who has gained access to an IoT device can spy on its owner for the purpose of subsequent blackmail - history already knows such incidents. In the end (and this is far from the worst-case scenario), the infected device may simply be broken.

Kaspersky Lab specialists previously conducted an experiment by setting up several honeypots that imitated various smart devices. Experts recorded the first attempts of unauthorized connection to them within a few seconds.

Several tens of thousands of requests were registered per day. Among the devices from which experts observed attacks, more than 63% can be identified as IP cameras. About 16% were various network devices and routers. Another 1% came from Wi-Fi repeaters, TV set-top boxes, IP telephony devices, Tor output nodes, printers, and smart home devices. The remaining 20% ​​of devices could not be clearly identified.

If you look at the geographical location of devices from whose IP addresses experts saw attacks on honeypots, you can see the following picture: the top 3 countries included China (14% of attacking devices), Vietnam (12%) and Russia (7%).

The reason for the increase in the number of such attacks is simple: the Internet of Things today is practically not protected from cyber threats. The vast majority of devices run on Linux, which makes life easier for criminals: they can write one piece of malware that will be effective against a large number of devices. In addition, most IoT gadgets do not have any security solutions, and manufacturers rarely release security updates and new firmware.

Recently it became known about the emergence of a new botnet, IoT_reaper, which has spread to approximately 2 million devices since mid-September, according to a study by Qihoo 360 Netlab and Check Point.

The malware used to create the botnet includes snippets of Mirai code, but also contains a number of new features that differentiate Reaper from its competitors, the researchers said. Its main difference lies in the distribution method. While Mirai looks for open Telnet ports and tries to compromise a device using a list of common or weak passwords, Reaper looks for vulnerabilities that could potentially infect more devices.

According to Qihoo 360 Netlab, the malware includes a scripting environment in the Lua language, which allows operators to add modules for various tasks, such as DDoS attacks, traffic redirection, etc.

Check Point experts believe that Reaper can paralyze the Internet for some time. “We estimate that more than a million organizations have already been affected by Reaper. We are now experiencing the calm before a major storm. A cyber storm will soon overtake the Internet,” Check Point said in a statement

Among the infected devices are wireless IP cameras from GoAhead, D-Link, AVTech, Netgear, MikroTik, Linksys, Synology and others. Some companies have already released patches that eliminate most of the vulnerabilities. But consumers are not in the habit of installing security updates for devices.