A new botnet is hijacking Internet-connected smart devices by performing DDoS attacks. Called the HEH Botnet, it is written in Go language and armed with a proprietary peer-to-peer (P2P) protocol. It spreads via a brute-force attack of the Telnet service on ports 23/2323 and can execute arbitrary shell commands.
The botnet comes with three functional modules: a propagation module, a local HTTP service module, and a P2P module. The researchers say:
„The operating mechanism of this botnet is not yet mature, [and] some important functions such as the attack module have not yet been implemented. The new and developing P2P structure, the multiple CPU architecture support, the embedded self-destruction feature, all make this botnet potentially dangerous.“