A list containing internet protocol (IP) addresses for thousands of devices allowing full access has been published, sparking fears of a new denial of service botnet.
Security researcher Ray Watson tweeted the discovery of the list. It initially appeared to lead to some 33,000 devices running the clear-text telnet remote access service, allowing log-ins with default credentials such as admin/admin, or no authentication.
Another security researcher, Victor Gevers of the GDI Foundation, sorted the list and found it only contained 8233 unique IP addresses.
After further analysis, Gevers found that 1775 of the IP addresses on the list responded to telnet connections.
Most of the devices are China and other Asian countries.
Gevers told iTnews providers are alerting users that they are running systems open to abuse and closing down access.
The Pastebin account that published the list of open systems also contained scripts with names such as "Mirai Bots", indicating that it was compiled for malicious purposes.
Botnets created with malware such as Mirai have been used to cause widespread outages through denial of service attacks, by commandeering internet of things devices such as networked cameras.
Pastebin has since removed the list, but not before it was viewed more than 20,000 times.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
