Torii Botnet Removal Guide

Do you know what Torii Botnet is?

There is probably at least one IoT device in your home. You may feel that it is safe and cannot be hacked, but that is not true. Torii Botnet, a sophisticated botnet targeting IoT devices, has been discovered in the wild by specialists. What is a botnet? It can be defined as a network of Internet-connected devices whose security has been breached. These devices are controlled remotely through malware installed on them and can be used to perform a variety of malicious activities. For example, cyber criminals might employ them to send spam, perform distributed denial-of-service (DDoS) attacks, and much more. Also, attackers can easily access affected devices and their connections. Torii Botnet is certainly not the only botnet in existence. Malware researchers detect botnets quite often, but we have to admit that Torii Botnet is unique. As research conducted by specialists has shown, it targets a wide variety of IoT devices, unlike the traditional botnets they have analyzed. Additionally, it may be used to perform basically any activity of the hacker’s choice on the affected device, which surely distinguishes Torii Botnet from similar infections. Unfortunately, removing it from an affected IoT device is a huge challenge, so you should take security measures to prevent it from affecting any of your devices while you still can.

When Torii Botnet was first detected by experienced specialists, it was presented as the most sophisticated botnet they had ever seen. First of all, according to specialists, it is considerably stealthier and more persistent than ordinary botnets. As a consequence, ordinary users do not even notice that it has affected their devices. Since special antimalware tools for IoT devices do not exist yet, there is nothing that could detect Torii Botnet and inform users that it has successfully entered a device. What else distinguishes Torii Botnet from other botnets is the fact that it does not perform the usual malicious activities. This may change in the future, but at the time of research it was not used to perform any DDoS attacks, it did not attack other devices connected to the same network, and it was not mining any cryptocurrency. Of course, this does not mean that Torii Botnet does nothing malicious. Once this botnet identifies a poorly secured system, it might start gathering sensitive information. The thorough analysis conducted by our researchers has shown that, theoretically, Torii Botnet might allow hackers to execute basically any commands and deliver payloads on the affected device after communication with the master server is established. Last but not least, if one device on the network is affected by this botnet, others connected to it might get compromised as well. There is probably no need to say that their users do not know anything about that.

We have some information about Torii Botnet distribution too. We hope it will help you protect your devices against it. It turns out that Torii Botnet primarily goes after devices using Telnet. Telnet is a remote access tool used to log into remote servers, but it is being actively replaced by more secure tools available on the market these days. Torii Botnet has been active since December 2017, and there are no guarantees that it is going to die anytime soon. Therefore, you should be more cautious than ever. Although special antimalware tools for IoT devices are still unavailable, that does not mean that you cannot do anything to protect your devices against this botnet.

If you fear that your IoT device might be affected by Torii Botnet, you should simply disconnect it from the Internet. Of course, if you cannot do that, you will have to apply alternative security measures. First of all, we would recommend installing all available updates, including security patches. Second, you should make sure that the credentials protecting access to the device are strong enough. Generally speaking, since special security tools do not exist, you are the one who can ensure the protection of your devices.
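Since Torii Botnet primarily goes after devices using Telnet, one practical check is to see whether any of your own devices still accepts Telnet connections. The script below is an added example, not part of the original guide; the function names, the `fake_device` stand-in listener and the sample address in the comment are assumptions made for illustration.

```python
import socket
import threading

IAC = 0xFF  # Telnet "Interpret As Command" byte; option negotiation starts with it (RFC 854)

def check_telnet(host, port=23, timeout=2.0):
    """Classify host:port as 'closed', 'no-response', 'open-telnet' or 'open-other'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"            # nothing is listening: the outcome you want
    except OSError:
        return "no-response"       # timed out or unreachable (powered off or firewalled)
    with sock:
        try:
            greeting = sock.recv(64)   # a Telnet server normally speaks first
        except OSError:
            greeting = b""             # connected, but no greeting within the timeout
    return "open-telnet" if IAC in greeting else "open-other"

def audit(targets, timeout=2.0):
    """Map each (host, port) pair to its classification."""
    return {t: check_telnet(t[0], t[1], timeout) for t in targets}

def fake_device(greeting):
    """Constructed stand-in for a device: one-shot listener on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(greeting)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed demo so the script runs offline; replace the list with
    # your own devices, e.g. ("192.168.1.20", 23) (sample address).
    port = fake_device(b"\xff\xfd\x18\xff\xfd\x20login: ")
    for target, state in audit([("127.0.0.1", port)]).items():
        print(target, state)
```

Any device reported as `open-telnet` or `open-other` on port 23 is worth following up: disable the service if the device allows it, or apply the update and credential measures described above.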

In non-techie terms:

Torii Botnet is not an ordinary malicious application. It has been developed to hack IoT devices with a wide range of architectures, including SuperH, x64, x86, ARM, and others. It does not act like ordinary botnets do. That is, it does not (yet) perform distributed denial-of-service attacks or mine cryptocurrency. It is more likely that its main goal is to steal sensitive information. God knows what cyber criminals will do with that stolen information. It may be used for various purposes, including fraudulent ones, and even sold on underground forums. You would not want to experience that, would you?