14,000 Routers Infected by Nearly Unstoppable Malware

Originally published on: March 12, 2026
Summary

– Researchers have identified a takedown-resistant botnet of about 14,000 network devices, primarily Asus routers, used as an anonymous proxy for cybercrime.
– The botnet, named KadNap, infects devices by exploiting known, unpatched vulnerabilities rather than zero-day exploits.
– It uses a sophisticated peer-to-peer design based on Kademlia and distributed hash tables to conceal command servers, making detection and takedowns difficult.
– This decentralized structure is intentionally designed to avoid detection and hinder defenders, distinguishing it from other proxy botnets.
– The infected devices are mostly located in the United States, with smaller numbers in Taiwan, Hong Kong, and Russia.

A widespread and resilient botnet ensnares a daily average of approximately 14,000 routers, most of them Asus models, according to recent cybersecurity findings. This malicious network, known as KadNap, functions as an anonymous proxy service to funnel traffic for various cybercriminal activities. The infection primarily spreads by exploiting known vulnerabilities in devices that owners have failed to patch, rather than through new, undisclosed security flaws. Researchers emphasize that the high number of compromised Asus routers suggests attackers have acquired a particularly effective exploit targeting those specific models.

The scale of this operation has grown significantly since its initial discovery, rising from around 10,000 infected devices last August to its current daily average. The United States hosts the largest concentration of these compromised routers, with smaller clusters identified in Taiwan, Hong Kong, and Russia. What makes this botnet exceptionally durable is its advanced architectural design. It utilizes a peer-to-peer framework based on Kademlia, which employs distributed hash tables. This structure effectively hides the locations of command-and-control servers by replacing direct IP addresses with cryptographic hashes, allowing any infected node to query others to find necessary resources.

This decentralized approach grants KadNap a notable resistance to conventional takedown methods. Unlike botnets reliant on centralized servers that can be seized or blocked, a peer-to-peer network has no single point of failure. Security analysts note that the operators’ clear intention is to evade detection and create persistent challenges for defenders attempting to dismantle the network. The use of distributed hash tables is not new; similar technology underpins systems like BitTorrent, but its application here creates a robust and anonymous infrastructure for malicious proxy services.
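The toy model below is an added example, not code from the article, the researchers, or KadNap; it simulates a generic Kademlia-style lookup in memory to show why removing individual nodes does not stop a record from being resolved. Node names, the record, the bucket size `K = 3`, and the assumption that surviving peers refresh their contact lists are all constructed for illustration.

```python
import hashlib

K = 3  # replication factor and bucket size (assumed for this toy model)

def node_id(label: str) -> int:
    """160-bit identifier: nodes and stored keys share one hash space."""
    return int.from_bytes(hashlib.sha1(label.encode()).digest(), "big")

def build_tables(ids):
    """Per node, keep at most K contacts per XOR-distance bucket."""
    tables = {}
    for me in ids:
        buckets = {}
        for other in ids:
            if other != me:
                buckets.setdefault((me ^ other).bit_length(), []).append(other)
        tables[me] = [c for b in buckets.values() for c in b[:K]]
    return tables

def store(ids, key, value):
    """Replicate value on the K nodes whose IDs are closest to key."""
    holders = sorted(ids, key=lambda n: n ^ key)[:K]
    return {n: value for n in holders}

def lookup(tables, storage, start, key):
    """Greedy walk: hop to the closest known contact until none is closer."""
    current, hops = start, 0
    while True:
        nxt = min(tables[current] + [current], key=lambda n: n ^ key)
        if nxt == current:
            return storage.get(current), hops
        current, hops = nxt, hops + 1

def simulate(n_nodes=200, removed_replicas=K - 1):
    """Resolve a record, remove some replica holders, resolve again."""
    ids = [node_id(f"node-{i}") for i in range(n_nodes)]  # constructed peers
    key = node_id("constructed-resource-label")
    storage = store(ids, key, "constructed-record")
    before = lookup(build_tables(ids), storage, ids[0], key)[0]
    gone = set(sorted(storage, key=lambda n: n ^ key)[:removed_replicas])
    live = [n for n in ids if n not in gone]  # survivors refresh buckets
    start = next(n for n in live if n not in storage)
    after = lookup(build_tables(live), storage, start, key)[0]
    return before, after
```

In this model the record stays resolvable until every one of its `K` replica holders is gone at the same time, and no node ever holds a complete list of peers.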

The resilience of such a design complicates efforts to protect networks and neutralize the threat. As infected devices anonymously relay traffic, they enable a range of illicit online actions while shielding the perpetrators. The situation underscores a critical need for consistent device maintenance, including applying available security updates, to close vulnerabilities that botnets aggressively target.

(Source: Ars Technica)
