Arbor Networks Threat Intelligence

Reaper Madness

On October 19th, a team of security researchers warned of a new IoT Botnet that had already infected “an estimated million organizations” and that was poised to “take down the internet”. This report was subsequently picked up by the press and spread quickly via social media.

ASERT has been actively analyzing the Reaper IoT botnet;

At this time, it is not clear why these candidate bots have not been co-opted into the botnet. Possible explanations include: misidentification due to flaws in the scanning code, scalability/performance issues in the Reaper code injection infrastructure, or a deliberate decision by the Reaper botmasters to throttle back the propagation mechanism.

ASERT will continue to analyze the botnet malware and monitor for any signs of attack. In the meantime, Chinese internet security company Qihoo has published some interesting analysis of the Reaper IoT bot: