IoT Reaper Backdoor Detection

Critical Nessus Network Monitor Plugin ID 700194

Synopsis

The remote host is reporting back to a control server associated with the IoT Reaper (aka "IoT Troop") botnet threat. A backdoor is likely present on the machine.

Description

The remote host is reporting back to a control server associated with the IoT Reaper (aka "IoT Troop") botnet threat. A backdoor is likely present on the machine and may be used as part of a 'botnet', allowing attackers to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allow attackers access to the device and its connection.

Solution

Check for and remove any instances of the backdoor and conduct a forensic examination to determine how it was installed as well as whether other unauthorized changes were made. Be sure to apply security patches to devices as soon as they are provided by the vendor.

See Also

http://fortune.com/2017/10/25/reaper-botnet-mirai-iot-ddos

https://www.wired.com/story/reaper-iot-botnet-infected-million-networks

Plugin Details

Severity: Critical

ID: 700194

Family: Backdoors

Published: 2017/10/26

Modified: 2017/10/26

Dependencies: 8167

Risk Information

Risk Factor: Critical