JenX exploits one of two known vulnerabilities that have become popular in IoT botnets recently, both affecting routers.
Move over Satori, there’s a new botnet in town, and its creators are brazenly advertising its services, offering massive Distributed Denial of Service (DDoS) attacks for a mere $20. The botnet is made up of infected routers and takes advantage of vulnerabilities in Huawei Router HG532 and Realtek SDK Miniigd. Both exploits are known from the Satori botnet and based on code by the author of BrickerBot.
An investigation by security research firm Radware found a C2 server hosted at “sancalvicie.com”, which offers multiplayer servers for the popular video game GTA San Andreas as well as DDoS services. Pascal Geenens, a researcher at Radware, has dubbed the new botnet JenX.
The group behind the botnet, calling themselves Los Calvos de San Calvicie, claims they can provide DDoSes with a guaranteed bandwidth of 90-100Gbps and that they can provide attacks of up to 300Gbps. That’s enough to take out the internet’s core infrastructure.
“The potential for this botnet is comparable to Satori as it uses the exact same exploits. However, the growth rate of this bot will not be as high as Satori because Satori is using bots that each scan and exploit by themselves—so more bots, more scanners, more victims, even more bots, even more scanners, etc…. so exponential growth rate for the Mirai, Satori and Reaper botnets. The JenX botnet uses servers for the scanning and exploiting devices, so growth will be less than linear. By adding more servers they can make it grow faster, but never will be as efficient and aggressive as Mirai, Satori, and Reaper,” Geenens wrote in an email to Ars Technica.
While the botnet is, for now, only targeting users of GTA San Andreas, Geenens warns that there is nothing stopping it from being used for more sinister purposes and that it bears watching.