Millions of Networks Compromised by New Reaper Botnet


A new and growing botnet called Reaper or Troop (detected by Trend Micro as ELF_IOTREAPER.A) has been found currently affecting more than one million organizations. According to the security researchers from Check Point and Qihoo 360 Netlab, the botnet they discovered is more sophisticated and potentially more damaging than Mirai. Reaper actually uses some of the code from the Mirai malware but uses a different method for compromising devices.

Mirai generally scanned open ports or took advantage of unsecured devices with default or weak passwords. Reaper is more aggressive, using exploits to take over devices and enlist these with their command and control server. Reports note that there are already millions of devices just on standby, waiting to be processed by Reaper’s C&C servers.

Reaper uses a combination of nine attacks targeting known Internet of Things (IoT) vulnerabilities. These attacks affect many popular router brands as well as IP cameras, Network Attached Storage devices, and servers.

So far the Reaper botnet hasn't been used to launch a DDoS attack, as Mirai famously did last year. But Reaper is capable of more complex attacks. It integrates a LUA (a lightweight programming language typically used for embedded systems) execution environment in the malware. This allows the operator to deliver code modules for tasks such as DDoS, traffic proxying or other attacks. The report notes that the botnet is not particularly aggressive, but it could quickly change and potentially cause damage on an even larger scale than Mirai.

IoT devices like IP cameras and routers are particularly susceptible to exploits. Users should check with their vendors to see if there are any available updates. They should also make it a point to regularly update all connected devices in their homes. Also, simply using a strong password will do a lot to secure IoT devices commonly targeted by hackers.

Trend Micro™ Security and Trend Micro Internet Security offer effective protection for this threat, with security features that can detect malware at the endpoint level. To protect IoT devices like home routers, security solutions like Trend Micro Home Network Security can check internet traffic between the router and all connected devices. Enterprises can use Trend Micro™ Deep Discovery™ Inspector which is a network appliance that monitors all ports and over 105 different network protocols to discover advanced threats and targeted attacks.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.