Mozi Botnet responsible for IOT Traffic

October 6, 2020
mozi botnet iot internet-of-things traffic

The latest feast on the cybersecurity realm evolved on the recent report submitted to the community about the Mozi botnet infesting numerous internet-of-things (IoT) devices. After the discovery in 2019, cybersecurity experts observed that this variant of the Mirai botnet has been in circulation for 90% of botnet attacks from October 2019 to June 2020. The botnet has been observed to perform a series of DDoS attacks, performed remote command execution, and data extraction for different cybercriminals. Common devices that have been infected are from Huawei, Netgear, and D-Link products.


To add more to the controversy, Mozi Botnet perpetrators were tracked to be originated from China, which makes it more alarming to many security experts. 


The in-depth analysis confirmed that infection starts from injecting a shell command to the targeted devices, which will determine if its susceptible to the infestation. Once verified, another payload will run to strive for unlocking the telnet credentials of the device. Once successfully compromised, the device will now be added to its bot networks and for the perpetrators’ vast perusal as stated above capabilities.  

Unlike other bot applications, Mozi can perform its action even if such a device has already been added to a different botnet group. It uses a customized Distributed Hash Table (DHT) protocol that allows it to create or transform the device to be part of the botnet that can receive and perform action commanded from the botnet master. 

As discussed on other IoT discovery, this vulnerability of the IoT device results from inadequate security protocol that has been embedded in the components of the mentioned device. Manufacturers of such chips or components on the IoT devices failed to address the known issue of weak security imposed on this specific component for over 20 years now upon experts who have stumbled about it 2 decades ago. Instead of investing for higher security, they invest more in the production of the hardware device. The manufacturer is responsible for the component that is embedded together with its vulnerability for the attack. Component manufacturers confirmed that developing a software application to increase such a device’s security is a costly investment and will result in incompatibility to other hardware on the manufacturing device. For it to work, different components should also need to update their security to meet the compatibility requirement as a single device. 

With the vast and uprising trend of using IoT devices, statistics show an estimated 31 billion of it in the world wherein there is 127 devices deployment per second. Based on statistics, IoT devices being part of a botnet network, are becoming a significant threat to our security despite its promise for a comfortable life through its ease of accessibility. 

About the author

Leave a Reply