After Mirai, I got interested in botnets, asked “What if …” and did some research, which led to some talks, and it has been a lot of fun. If you like scary stuff hehe. I’m staring out at a rising tide of unsecured IoT devices ready to get co-opted into the next big attack.
ZHtrap botnet deploys honeypots to find infected new targets, per Bleeping Computer 3/15/2021. Seeks out infected routers, DVRs, and UPnP network devices. Based loosely on Mirai source code. Backdoor functions for added malware downloads. Exploits certain vulns, weak Telnet (because who doesn’t).
D-Link, IoT Devices Under Attack by Tor-based Gafgyt Variant, per Threatpost 3/5/21. Using Tor for anonymity is a new move by Gafgyt, a botnet known for large DDoS attacks. It will be harder to detect given a code rebuild and a module enabling it to change up servers fast. It targets D-Link and IoT devices to enslave. It’s using 3 vulnerabilities and weak Telnet passwords (of course) to spread.