How do I get rid of Hide and Seek?

If there is any good news, it is that Hide and Seek, like other IoT botnets, “cannot achieve persistence.” That means a user can get rid of the malware simply by rebooting the device.

But even that isn’t long-term good news. Chris Clark, principal security engineer, strategic initiatives, at Black Duck, said rebooting “is only part of the answer. If the machine was infected before it will be again. If you do not mitigate, a reboot is just a delaying action.”

And the findings suggest that Hide and Seek is both more interesting and potentially more malevolent than botnets that have been around for years and are generally used for DDoS attacks.

Those can be damaging enough. Witness the attack on Internet backbone service provider Dyn in October 2016 by the Mirai botnet that brought down the websites of 80 major Internet companies including Amazon, PayPal, and Twitter.

But HNS and other more recent botnets like Mirai, Reaper, and Hajime are designed for more than DDoS attacks. Botezatu wrote that Hide and Seek has “greater levels of complexity and novel capabilities such as information theft—potentially suitable for espionage or extortion.” He added that “it is also worth noting that the botnet is undergoing constant redesign and rapid expansion.”

HNS is only the second IoT botnet (Hajime was the first) to have a decentralized, peer-to-peer (P2P) architecture. But Botezatu said HNS is the first of its kind in another way. The functionality of Hajime is based on the BitTorrent protocol. However, in the case of Hide and Seek, “here we have a custom-built P2P communication mechanism.”