The Carna Botnet
https://darknetdiaries.com/episode/13/
http://census2012.sourceforge.net/paper.html
The Carna Botnet started out as an ethical hacking experiment in 2012. A cybersecurity researcher used Nmap Scripting Engine (NSE) to scan for random devices that had the default telnet login username and password. They found that over 100,000 devices had these features and could easily be accessed. However, to scan this many devices, as soon as a vulnerable one was found, software (not necessarily malware because the hacker had no malicious intent), that device would also begin to scan for other vulnerable devices, then once it found a new one, the software would be installed on that one, and so forth. This is how the Carna Botnet came to be, named after the Roman goddess of protection of inner organs. In the end, a total of 420,000 devices were assisting the internet search, and of the 4.3 billion IP addresses possible, the Carna Botnet found 1.3 billion.
The hacker had no malicious intent, so what came from the Carna Botnet was a massive census of the internet. The data was eventually compiled into an animated map (shown as a gif in the link attached. It’s really soothing and mesmerizing to look at) that showed internet users all around the world and when they would get online and offline. All of this was possible because of one massive network of devices scanning the internet and recruiting other devices to assist the search. The creator of the Carna Botnet remains anonymous, since the Carna Botnet was illegal.
