
Mozi IoT Botnet Operators Arrested in China



Despite the arrest, the botnet continues to function.

Chinese law enforcement officers have arrested the operators of a large-scale IoT botnet known as Mozi. According to Netlab, the research team of the Chinese company Qihoo 360, the arrest occurred in July this year, but despite this, the botnet continues to function.

“Mozi uses a P2P network structure [peer-to-peer], and one of the ‘advantages’ of a P2P network is that even if some nodes are disconnected, the entire network will continue to work and the remaining nodes will infect other vulnerable devices. Therefore, we are seeing the spread of Mozi,” the experts explained.

Last month, Microsoft experts warned about new features of Mozi. In particular, the malware can now interfere with the Internet traffic of infected systems, using DNS spoofing and HTTP session hijacking to redirect users to malicious domains.

Mozi is developed from the source code of a number of well-known malware families such as Gafgyt, Mirai and IoT Reaper. According to experts, the botnet currently has about 1.5 million infected devices, most of which are located in China and India.

Mozi mainly attacks vulnerable routers and DVRs, compromising devices through weak or default credentials. The botnet itself is used to carry out DDoS attacks, steal data, or execute malicious payloads.

Among other things, the malware’s functionality includes a mining module that spreads like a worm using weak FTP and SSH passwords. Mozi communicates with infected hosts through the DHT (Distributed Hash Table) protocol, which allows the botnet to function smoothly.

“Mozi samples have not been updated for a while, but that doesn’t mean Mozi is no longer a threat. As parts of the network that have already spread on the Internet continue to be infected, new devices are being infected daily,” the researchers warned.
