IOTroop Botnet

Severity: Critical
Dispersion: Internet, Direct Attack
Operating System: IOT
Category: Vulnerabilities, Botnet
Sources: Checkpoint, Threatpost


From Alert
Several IOT devices have been detected with vulnerabilities that are actively beeing utilized in a new larger Botnet that appeared in September. The virus uses several vulnerabilities including direct attack on the IOT device that are affected. Devices that are compromised can also be used for further attacks within the affected companies.



A new major botnet spreads incredibly fast all over the world. The botnet utilizes vulnerable IOT devices and embeds their own software on those, that attackers can use. The virus will then try to to spread to other units by itself.

The botnet was detected by Checkpoint in September and several command and control servers are already in the network. This is comparable to the previous Mirai botnet that took out parts of the internet, but is much more advanced since it uses multiple attack vectors to enter the devices. Until now, it is uncertain what the botnet should be used for, but there are fear of attacks on central infrastructure.



Checkpoint Software has published the following list of manufacturers with vulnerabilities uncovered so far:

Produsent Vulnerability
GoAhead Wireless IP Camera (P2P) WIFICAM Cameras Information Disclosure
Wireless IP Camera (P2P) WIFICAM Cameras Remote Code Execution
D-Link D-Link 850L Router Remote Code Execution
D-Link DIR800 Series Router Remote Code Execution
D-Link DIR800 Series Router Information Disclosure
D-Link 850L Router Remote Unauthenticated Information Disclosure
D-Link 850L Router Cookie Overflow Remote Code Execution
Dlink IP Camera Video Stream Authentication Bypass – Ver2
Dlink IP Camera Luminance Information Disclosure – Ver2
D-Link DIR-600/300 Router Unauthenticated Remote Command Execution
NETGEAR Netgear DGN Unauthenticated Command Execution
Netgear ReadyNAS Remote Command Execution
AVTECH AVTECH Devices Multiple Vulnerabilities
Linksys Belkin Linksys E1500/E2500 Remote Command Execution
Linux Linux System Files Information Disclosure


Cyberon Security comes with the following recommendations:

  • Remove devices that are vulnerable or patch devices to remove vulnerabilities.
  • Segregate IOT in its own network behind firewall.
  • Do not allow access to IOT devices directly from the internet.

Please contact us for further assistance on this alert.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: