Carna botnet Project: Researcher builds gigantic botnet

March 20, 2013

An unknown researcher has developed a gigantic global botnet out of embedded devices to scan the whole IPv4 Internet for the fun of it. The idea for the Carna botnet project came about accidentally, the researcher writes. While playing around with the Nmap Scripting Engine well known as NSE in programming circle, the researcher discovered an amazing number of open embedded devices on the Internet. He added that many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. In the end, he discovered that several hundreds of thousands of devices were vulnerable and wrote a small binary executable program to run on them, creating an enormous distributed global port scanner with which he conducted a survey of the IPv4 Internet.

The researcher added that there was no interest to interfere with default device operation and passwords and other settings were not changed. The creation of botnet was created last year and Internet survey gathered some nine terabytes of data gleaned from around 420,000 compromised devices in the botnet. The researcher did it in the least invasive way possible and with the maximum respect to the privacy of the regular device users. Binary ceases to work after a while, according to the researcher who will not release the source code for it due to the risk of abuse. In releasing the binary, the researcher discovered another active one on some of the embedded devices called Aidra. He estimates it runs on fewer than 30,000 devices. Through the survey, the researcher estimates the size of the IPv4 Internet to be around 1.3 billion IP addresses currently. If interested, the data with billions of records can be downloaded as a torrent

 

Contador Harrison