Friday, March 22, 2013

Researcher ropes poorly protected devices into botnet to map the Internet

Okay, don't try this at home: the researcher(s) did this illegally, and if someone files a complaint, she, he or they can be in very serious trouble, facing fines and possible jail time.

An unnamed researcher or group of researchers scanned the Internet and made use of any unprotected devices they found. Access was gained with "admin:admin", "root:root", "admin:" or "root:". It seems that, even though we are in 2013, several thousand devices are not protected by a serious password. From the look of it, I would say these are the defaults.

During their scan, and while accessing these devices, they found that a number of them had already been compromised by an actual malware botnet, Aidra.

The main finding is that out of the nearly 3.6 billion IPs scanned, only 1.3 billion (roughly 36%) are in use, the rest being reported as not used. This, however, raises the question of whether a non-responsive IP might instead be a host with very strong filtering. I suspect that the number of active IPs is higher than what they reported.

The article is to be found here. If you want, the scan dataset is available on the download page.