On 21 October 2016, the internet was disrupted by 100,000 Internet of Things devices. The target was DYN, a DNS provider for many websites including Twitter, Reddit, GitHub, PayPal, Pinterest and many more. The attack was carried out using the Mirai botnet, which is specifically made to target Internet of Things devices that still use default usernames and passwords. A Chinese electronics firm also stepped up and said that its devices were used in the attack and that their passwords were hardcoded. It has since recalled its smart cameras.
Now there is a new botnet named Linux/IRCTelnet, a piece of malware written in C++. It works in the same way as Mirai and relies on default or hard-coded passwords to infect Linux-based IoT devices. It brute-forces an IoT device through its Telnet port; Telnet is basically SSH but not encrypted. Once the malware has been able to log into the device, it adds it to its IRC-based botnet. Every device that is hacked this way connects back to a command-and-control server and awaits instructions from the bot master.
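The infection chain described above (repeated Telnet login failures, a successful login, then a connection out to an IRC server) can be turned into a detection rule for a network you monitor. The following Python is an added example, not code from this post or from the researchers; the event format, device names, thresholds and the IRC ports 6667/6697 are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events, not real logs: (seconds, device, event, peer_ip, port)
EVENTS = [
    # cam-01: burst of failed Telnet logins, a success, then an IRC connection
    *[(t, "cam-01", "telnet_fail", "203.0.113.9", 23) for t in range(0, 60, 10)],
    (60, "cam-01", "telnet_ok", "203.0.113.9", 23),
    (75, "cam-01", "outbound", "198.51.100.7", 6667),
    # dvr-02: an admin mistypes the password twice, then logs in; HTTPS only
    (10, "dvr-02", "telnet_fail", "192.0.2.44", 23),
    (20, "dvr-02", "telnet_fail", "192.0.2.44", 23),
    (30, "dvr-02", "telnet_ok", "192.0.2.44", 23),
    (40, "dvr-02", "outbound", "192.0.2.80", 443),
    # router-03: brute-forced, but the password held
    *[(t, "router-03", "telnet_fail", "203.0.113.9", 23) for t in range(100, 180, 10)],
]

IRC_PORTS = {6667, 6697}  # assumption: common IRC ports; the post names none


def find_compromised(events, fail_threshold=5, window=300):
    """Return {device: (attacker_ip, c2_ip)} for devices showing the full chain:
    many failed Telnet logins -> successful login -> outbound IRC connection."""
    fails = defaultdict(list)  # (device, source ip) -> failed-login timestamps
    breached = {}              # device -> (login time, attacker ip)
    hits = {}
    for ts, device, kind, peer, port in sorted(events):
        if kind == "telnet_fail" and port == 23:
            fails[(device, peer)].append(ts)
        elif kind == "telnet_ok" and port == 23:
            # A success only counts as a breach if it ends a recent failure burst
            recent = [t for t in fails[(device, peer)] if ts - t <= window]
            if len(recent) >= fail_threshold:
                breached[device] = (ts, peer)
        elif kind == "outbound" and port in IRC_PORTS and device in breached:
            login_ts, attacker = breached[device]
            # The C2 check-in is expected shortly after the login
            if ts - login_ts <= window:
                hits.setdefault(device, (attacker, peer))
    return hits


if __name__ == "__main__":
    for device, (attacker, c2) in find_compromised(EVENTS).items():
        print(f"{device}: brute-forced from {attacker}, IRC check-in to {c2}")
```

Only the device that shows all three stages is reported; a failed brute-force attempt or an ordinary mistyped password on its own is not.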
The security researchers who have been studying the botnet, MalwareMustDie (http://blog.malwaremustdie.org/), found around 3400 infected devices and have also said that it is fully capable of raising an army of 3500 bots every 5 days.
I will be doing a video about the IoT-related botnets soon, so stay tuned. But remember to secure your IoT devices, or else your device could also become part of a large botnet and be partly responsible for the internet going down again.