The scariest part is that it might already be controlling your PC, smartphone, router, or other internet enabled device without your knowledge. We explain the danger of botnets, and the ways that you can protect your devices from the very real threat that Reaper presents. (Quick tip: Stay off porn sites and don’t download hooky versions of Game of Thrones).
What is a botnet?
A botnet is a large collection of online devices that are controlled by a single PC. In principle this is fine, except that these are usually put together by infecting PCs, routers, smartphones, webcams, and tablets with malware. The most insidious part is that users don’t know that their device is part of a botnet, as the malware runs quietly in the background, executing its nefarious activities. Botnets can be used to target and bring down certain online servers, something called a DDOS (Distributed Denial of Service) attack, or to deliver massive spam campaigns. Due to the fact that users remain unaware of the malware on their system, it’s also an easy way to steal private data which can then be used in identity theft scams. Worst of all, criminals can create botnets and then sell them to the highest bidder, who then use the networks for serious crimes across the globe. The full extent of the threat posed by these co-ordinated attacks was seen last year when the Mirai botnet caused widespread disruption in the US, knocking out a huge number of routers. Mirai exploited simple vulnerabilities in the security settings of these devices, but now there’s Reaper, which is a far more sophisticated beast.
What is Reaper?
While Mirai gained control of its targets by using the default passwords that often remain unchanged on routers and other internet connected devices, Reaper (or IoT Trooper as it’s also known) takes things a step further by actually hacking code vulnerabilities. This means it can weasel its way into more devices, and thus present a far greater threat than its predecessor. Security analysts Check Point Research brought the issue to the public when it saw that certain attacks on routers around the world were increasing, and using a very specific technique. ‘Our research began at the end of September ’17,’ the company reported, ‘after noticing an increase in attempts to penetrate our IoT IPS protections. Following this suspicious activity, we soon realized we were witnessing the recruitment stages of a vast IoT Botnet.’ The scale of these takeovers quickly became apparent, and with it the worrying spectre of a mass-scale cyberattack. ‘So far, we estimate over a million organizations have already been affected worldwide,’ it confirmed, ‘including the US, Australia and everywhere in between, and the number is only increasing. ‘Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come.’
How can I stop Reaper from infecting my device?
So far, the infections linked with Reaper seem to be limited to routers and internet cameras, but this could easily change as the malware evolves. To protect against botnets in general it’s a very good idea to install some sort of anti-malware software on your device. PCs and Macs (yes, Macs) are vulnerable to these style of attacks, so take a look at our guide to the best antivirus software 2017 for some options. Android phones and tablets have also been drawn into botnets recently, so again you’ll want to look into security software to prevent your device becoming an unwilling accomplice. Check out our Best Android Antivirus guide, and also How to remove Android virus if you discover any unwelcome guest nestled on your system. Your home router is most at risk from the current iteration of Reaper, so be sure to search online for instructions on how to reset the password on your particular model. Try reading our How to connect to a router for some helpful tips. Other than software solutions it’s a good idea to refrain from sites that could be inserting malware onto your system. The most common culprits for this are torrent sites, as you’re never entirely sure what you’re downloading, or the naughtier side of the internet where pop-up windows can often be hiding a download request. Basically, don’t click on anything if you don’t know exactly what it’s asking permission to do. It’s a better route to turn your PC or phone off entirely, rather than click or tap on that odd message that could lead to disaster. If you follow the mantra of changing passwords regularly, running virus checkers often, and avoiding downloading anything from little known sites, then you’ll at least make life harder for the criminals. It’s not a guarantee, but it means that you should at least fear the Reaper a little less. Martyn has been involved with tech ever since the arrival of his ZX Spectrum back in the early 80s. He covers iOS, Android, Windows and macOS, writing tutorials, buying guides and reviews for Macworld and its sister site Tech Advisor.