New IoT Botnet 'Reaper' Wreaks Havoc

CIOReview Team | Friday, 27 October 2017, 12:18 IST

'Reaper', a new IoT botnet expected to be more destructive than Mirai, is spreading worldwide and could target corporates from various industries globally. It shares similar features like Mirai but is capable to exploit certain device vulnerabilities related to the internet connection. Reaper is basically an evolution of Mirai that can cause severe chaos on the Internet. It is quietly growing for over a month now and proliferating among multiple devices connected to million ones.

The main difference between Mirai and Reaper is that Mirai tries to connect devices through telnet protocol with the help of default/ weak passwords and take control. On the contrary, Reaper looks for using exploitations on unpatched devices and takes control of the platform. To be precise, it can keep on growing and connect to all types of criminal activities.

It is said that Reaper has already incarcerated thousands of IoT devices including routers, IP cameras etc. These devices are from firms like D-Link, TP-Link, Netgear, Linksys etc. Now, this botnet is spreading rapidly and could soon threaten more devices similar to that of Mirai botnet.

In order to take preventive measures, simple password up-gradations might not be sufficient though it is highly recommended. Organizations and individuals should ensure that all devices connected to the internet are running the latest firmware versions with security patches included.

Keeping that in mind, it is necessary to be ready for the worst possibilities. The motif of the criminals is still unknown like whether they are doing it for financial gain or spoil any specific brand name. To protect organizations from any data breach or other cyber threats, organizations must segregate information according to critical state and needs to be available anytime, anywhere. In short, security can be built in and around the key areas with a contingency plan.

IOCs of IOT Reaper :


Detection by eScan







Several measures can be taken to keep botnet attacks at bay. These measures mainly focus on preventing malware infections.

·  Monitoring Network: The performance of Network should be monitored regularly to check for any suspicious behavior.

·  Software patches: All the software needs to be updated with the latest security patches.

·  Vigilance: The users should be trained to stay away from insecure activities that can put them at risk of botnet attacks. These include the opening of phishing emails, downloading attachments or clicking links from unknown sources etc.

·  Anti-Botnet tools: Anti-botnet tools facilitate detection of botnets before any infection occurs. Firewalls and antivirus software include basic tools for detection, prevention and removal of botnets.


Removal of Botnets can go beyond removing the same from an infected machine. It often requires shutting down of the C&C server that controls the botnet. It is normally done when an organization is planning to cease an entire botnet rather than healing the infection. For example: Microsoft's campaign against 'Zeus' botnet was one of the popular botnet removal incidents.