On June 25th, I discovered a new bot named Silexbot on my honeypot. The bot itself is a blunt tool used to destroy IoT devices. Its author, someone who claims to be a 14-year-old boy from Europe, has made his intentions clear with some very distinct text embedded in the code.   Since Silexbot was first discovered, the author has halted development of the botnet , as he didn't expect all of this attention and decided to quit before things get worse. \r\n \r\n So how does Silexbot work? \r\n Silexbot is using known default credentials for IoT devices to login and kill the system. The bot does this by writing random data from /dev/random to any mounted storage it finds. Examining binary samples collected from my honeypot, I see Silexbot calling fdisk -l which will list all disk partitions.…