For about eight years, a hacker compromised D-Link NVR (network video recorder) and NAS (network-attached storage) appliances and made them part of a botnet whose sole purpose was to connect to websites and download anime videos.
The botnet was named Cereals and first appeared in 2012. It peaked in 2015, when it had gathered more than 10,000 bots.
However, despite its size, the botnet went unnoticed by most cybersecurity companies. Now, Cereals is slowly disappearing as the vulnerable D-Link appliances it has relied on all these years have begun to "age" and become obsolete. In addition, the decline of the Cereals botnet is due to the appearance of a ransomware strain named Cr1ptT0r, which deleted the Cereals malware from many D-Link systems in the winter of 2019.
Now that both the botnet and the vulnerable devices are disappearing, the security company Forcepoint has published a report on the botnet's past operations.
The botnet took advantage of a single vulnerability
Over these eight years, the Cereals botnet exploited only one vulnerability.
The vulnerability existed in the SMS notification feature of the D-Link firmware that shipped on the company's NAS and NVR device lines.
The flaw allowed the creator of Cereals to send an HTTP request to the built-in server of a vulnerable device and execute commands with root privileges.
Forcepoint says the hacker scanned the Internet for vulnerable D-Link systems and exploited the flaw to install the Cereals malware on vulnerable NAS and NVR devices.
However, despite exploiting a single vulnerability, the botnet was quite advanced. Cereals had four backdoor mechanisms for keeping access to infected devices, and it tried to patch systems to prevent compromise by other intruders.
Was it a hobby?
According to Forcepoint researchers, the botnet could be described as more of a hobby project.
First, as mentioned above, it exploited only one vulnerability during its eight-year "life" and did not try to expand its operations to systems other than D-Link NAS and NVR devices.
Second, the botnet never strayed from its intended purpose, namely downloading anime videos. Forcepoint said the botnet did not carry out DDoS attacks, nor did it attempt to access the user data stored on NAS and NVR devices.
All of this suggests that the creator of the botnet, believed to be a German man named Stefan, probably did not intend to use the Cereals botnet for "evil purposes." His only goal was to download anime videos.