TheMoon IoT Botnet

By GoldSparrow in Trojans

TheMoon IoT Botnet first appeared in 2014, targeting Linksys, ASUS, D-Link and MikroTik routers. It was used for a variety of attacks typically associated with botnets, including brute force attacks, Distributed Denial of Service attacks and various other illicit operations. To keep spreading from one device to another, TheMoon IoT Botnet scans for devices that may be vulnerable to the malicious scripts associated with it. Typically, TheMoon IoT Botnet carries out its attack by exploiting known vulnerabilities in device firmware and scanning for applications using port 8080 to communicate. The initial TheMoon IoT Botnet payload is delivered via a malicious script and turns the infected device into a SOCKS5 proxy.

Why TheMoon IoT Botnet is so Threatening

TheMoon IoT Botnet is a vast network of infected devices that is used to carry out coordinated attacks. The latest iteration of TheMoon IoT Botnet was observed in January 2019, with claims on underground hacking forums that TheMoon IoT Botnet had 'risen again.' The criminals exploit vulnerabilities and use brute force attacks to compromise devices and integrate them into TheMoon IoT Botnet. Typical devices targeted in these attacks include modems, routers and similar systems. Most devices compromised by TheMoon IoT Botnet run on the MIPS architecture. TheMoon IoT Botnet does not require much processing power on any single device and operates most effectively through the combined power of the many devices integrated into the botnet working together.

How TheMoon IoT Botnet Attack Works

TheMoon IoT Botnet attack has compromised nearly two thousand devices, which have been used to carry out a wide variety of attacks. The criminals responsible for TheMoon IoT Botnet rent it out to other criminals wishing to use the combined power of the affected devices as part of their own attacks. One example is using the combined processing power of these infected devices to carry out brute force cracking of passwords and login information. TheMoon IoT Botnet also can be used to bring down websites and servers by overwhelming them with requests. Another typical way in which botnets like TheMoon IoT Botnet can be used is to obfuscate the transfer of information online, hiding pornographic material, laundering money or setting up illegal online retail sites. At the time of writing, nearly 2000 devices had become part of TheMoon IoT Botnet and nearly twenty thousand unique URLs had been used in association with it. The most recent wave of hoaxes linked to TheMoon IoT Botnet includes attacks connected to suspicious YouTube videos, designed to generate large amounts of advertising revenue at the expense of computer users.

Protecting Yourself from Threats Like TheMoon IoT Botnet

Devices used as part of the 'Internet of Things' or IoT are primarily useful if they can be connected to the Internet constantly. This makes them desirable for the sorts of operations that botnets like TheMoon IoT Botnet carry out, because infecting them is often not too difficult, especially when compared to home PCs. Because of this, it is important that computer users ensure that any vulnerabilities in their devices are taken care of. Computer users should ensure that they always install the latest security updates and firmware versions on their devices. More importantly, they should ensure that strong passwords and security measures are used, rather than relying on factory defaults, a common way in which threats like TheMoon IoT Botnet are installed.
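Because the payload described earlier turns an infected device into a SOCKS5 proxy, one check an owner can run against their own router is whether any of its ports answers a SOCKS5 greeting. The following Python is an added example, not part of the original article; the article does not say which port the proxy listens on, so the port is a parameter, and the loopback listeners are constructed stand-ins for a device.

```python
import socket
import threading

# RFC 1928 client greeting: version 5, one method offered, 0x00 = no authentication.
SOCKS5_GREETING = b"\x05\x01\x00"

def classify_reply(reply: bytes) -> str:
    """Interpret the 2-byte SOCKS5 method-selection reply (RFC 1928, section 3)."""
    if len(reply) < 2 or reply[0] != 0x05:
        return "not-socks5"
    if reply[1] == 0x00:
        return "open-socks5"            # proxy usable without credentials
    if reply[1] == 0xFF:
        return "socks5-auth-required"   # proxy present, refused the no-auth offer
    return "socks5-other-method"

def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Send the greeting to a device you administer and classify what answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(SOCKS5_GREETING)
            return classify_reply(s.recv(2))
    except OSError:
        return "no-answer"              # closed, filtered or timed out

def _fake_listener(reply: bytes) -> int:
    """Constructed loopback service for the demo; returns the port it bound."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(16)
            conn.sendall(reply)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo() -> dict:
    # One listener behaves like an open proxy, the other like a router web UI.
    return {
        "proxy": probe("127.0.0.1", _fake_listener(b"\x05\x00")),
        "web-ui": probe("127.0.0.1", _fake_listener(b"HTTP/1.0 400 Bad Request\r\n")),
    }

if __name__ == "__main__":
    print(demo())
```

An "open-socks5" result on a router port that you did not configure as a proxy is a reason to reflash the firmware and reset the credentials.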
