The new HEH virus is infecting routers and smart devices

There is a new virus going around and it is dangerous: it is called HEH and it can infect practically everything, from routers to IoT devices.

There is a new threat creeping through the underground of the Internet that could do enormous damage to millions of devices if it is not dealt with quickly: the new HEH virus, spread by a botnet, that is, a network of “zombie” computers that, once infected, are used to launch attacks against other computers and infect them in turn.

HEH was discovered by researchers at Netlab, the network and cybersecurity division of Chinese tech giant Qihoo 360, which has just disclosed its existence in a very recent report. This botnet is as new as the virus it carries, and almost nothing is known about it except the way it attacks other computers: a brute force action on SSH ports 23 and 2323. Brute force attacks consist of bombarding a router (or server) with login requests until the right combination of credentials is found. If the device uses default credentials, or credentials that are not very strong, the virus can easily get into the system, add the infected device to the botnet, and then use it to launch other attacks.
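From the defender's side, the brute force pattern described above shows up as a burst of failed logins from one source on ports 23 and 2323. The following sketch is an added example, not code from the article or from Netlab; the log format, the sample lines and the threshold values are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WATCHED_PORTS = {23, 2323}        # the two ports the article names
WINDOW = timedelta(seconds=60)    # assumed tuning values, adjust per site
MAX_FAILURES = 5

# Hypothetical log format: "<ISO time> <source IP> dport=<port> login=<FAIL|OK>"
LINE_RE = re.compile(r"^(\S+) (\S+) dport=(\d+) login=(FAIL|OK)$")

# Constructed sample data (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.9 dport=23 login=FAIL
2024-01-01T10:00:05 198.51.100.9 dport=23 login=OK
2024-01-01T10:01:00 203.0.113.7 dport=23 login=FAIL
2024-01-01T10:01:02 203.0.113.7 dport=23 login=FAIL
2024-01-01T10:01:04 203.0.113.7 dport=2323 login=FAIL
2024-01-01T10:01:06 203.0.113.7 dport=2323 login=FAIL
2024-01-01T10:01:08 203.0.113.7 dport=23 login=FAIL
2024-01-01T10:01:10 203.0.113.7 dport=23 login=OK
2024-01-01T10:02:00 192.0.2.50 dport=8080 login=FAIL
""".splitlines()

def detect_bruteforce(lines):
    """Map each flagged source IP to its peak failure count and whether a login later succeeded."""
    recent = defaultdict(deque)   # source IP -> timestamps of failures inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(3)) not in WATCHED_PORTS:
            continue              # unparseable line or a port we do not watch
        when, src = datetime.fromisoformat(m.group(1)), m.group(2)
        if m.group(4) == "OK":
            if src in flagged:    # success after a burst: treat as a likely compromise
                flagged[src]["succeeded"] = True
            continue
        q = recent[src]
        q.append(when)
        while when - q[0] > WINDOW:   # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            entry = flagged.setdefault(src, {"peak": 0, "succeeded": False})
            entry["peak"] = max(entry["peak"], len(q))
    return flagged

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

A flagged source with `succeeded` set is the case to act on first: the device accepted a login right after a burst of failures, so its credentials should be changed and the device checked.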

How HEH Works

According to the researchers, HEH is still a rudimentary virus, with no real offensive capabilities such as launching DDoS attacks, installing other malware to mine cryptocurrency, or redirecting web traffic to attackers’ servers.

The only thing HEH can do at the moment is launch attacks on SSH ports to extend its own reach. It would seem, then, that whoever created it has a two-step strategy: first spread the malware, then activate it.

The Risks of HEH

The worrying thing, though, is that if attackers manage to break into a computer with an SSH attack, they can later do something else by exploiting the presence of HEH on the device: for example, execute commands, including the one to destroy all partitions on the device.

Netlab claims to have found copies of HEH that can run on x86, ARM, MIPS and PPC devices. That covers pretty much everything, in short, from regular home computers to enterprise servers to IoT devices, i.e. smart home automation devices, smart speakers included.

What does it all mean? It means that someone is infecting thousands of devices with a virus, which in turn will infect other devices, in preparation for a very likely future attack.