Source: fortinet.com
FortiGuard Labs discovered a unique botnet written in Golang that exploits known vulnerabilities in IoT devices. The researchers named it Zerobot after they found that, following successful exploitation of an IoT device, it downloads a script that is saved under the name zero.
The botnet has many modules that make it robust, such as self-replication and propagation, with attacks on different protocols. Communication between the target and the command-and-control center uses the WebSocket protocol, and the researchers believe the activity started somewhere in mid-November.
Zerobot targets the i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x architectures. During the research, the team found two variants of this botnet: one has the basic functionality, and the current version has a "SelfRepo" module, which is used to reproduce itself and target more endpoints.
The current version includes the exploits Zero_36290, Zero_32906, GPON, DLINK, CVE_2022_37061, CVE_2022_34538, CVE_2022_30525, CVE_2022_26210, CVE_2022_26186, CVE_2022_25075, CVE_2022_22965, CVE_2022_01388, CVE_2021_46422, CVE_2021_36260, CVE_2021_35395, CVE_2020_25506, CVE_2020_10987, CVE_2018_12613, CVE_2017_17215, CVE_2017_17106, CVE_2014_08361. The two exploits whose names start with Zero were collected from 0day.today, an exploit site known for selling and publishing exploits for a long time.
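The module names above use underscores and zero-padded numbers, so they do not match the CVE IDs a vulnerability scanner reports. The following added example (not from the Fortinet report) normalizes them to canonical CVE IDs and lists which hosts in a scanner export need patching first; the findings format and host names are constructed for illustration.

```python
import re
from collections import defaultdict

# Exploit module names exactly as listed in the article.
MODULES = (
    "Zero_36290, Zero_32906, GPON, DLINK, CVE_2022_37061, CVE_2022_34538, "
    "CVE_2022_30525, CVE_2022_26210, CVE_2022_26186, CVE_2022_25075, "
    "CVE_2022_22965, CVE_2022_01388, CVE_2021_46422, CVE_2021_36260, "
    "CVE_2021_35395, CVE_2020_25506, CVE_2020_10987, CVE_2018_12613, "
    "CVE_2017_17215, CVE_2017_17106, CVE_2014_08361"
).split(", ")

_CVE = re.compile(r"^CVE[-_](\d{4})[-_](\d+)$", re.IGNORECASE)

def to_cve_id(name):
    """Return the canonical CVE-YYYY-NNNN form of a name, or None."""
    m = _CVE.match(name.strip())
    if not m:
        return None  # Zero_*, GPON and DLINK carry no CVE number in their names
    # Drop zero padding (01388 -> 1388) but keep the four-digit minimum.
    return f"CVE-{m.group(1)}-{int(m.group(2)):04d}"

ZEROBOT_CVES = {c for c in map(to_cve_id, MODULES) if c}
# Modules without a CVE in the name must be tracked through vendor advisories.
UNMAPPED = [m for m in MODULES if to_cve_id(m) is None]

def exposed_hosts(findings):
    """Map each Zerobot-targeted CVE to the sorted hosts that report it."""
    hits = defaultdict(set)
    for f in findings:
        cve = to_cve_id(f["cve"])
        if cve in ZEROBOT_CVES:
            hits[cve].add(f["host"])
    return {cve: sorted(hosts) for cve, hosts in hits.items()}

# Constructed sample scanner export (hypothetical hosts and field names).
SAMPLE_FINDINGS = [
    {"host": "host-a", "cve": "CVE-2022-1388"},
    {"host": "host-b", "cve": "cve-2017-17215"},
    {"host": "host-a", "cve": "CVE-2019-0708"},   # not a Zerobot module
    {"host": "host-c", "cve": "CVE-2022-01388"},  # padded variant of the first
]

if __name__ == "__main__":
    for cve, hosts in sorted(exposed_hosts(SAMPLE_FINDINGS).items()):
        print(cve, hosts)
    print("track via vendor advisories:", UNMAPPED)
```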
"Zerobot is a new botnet written in the Go programming language. It
communicates via the WebSocket protocol. It first appeared on November
18 and is designed to target a variety of vulnerabilities. Within a very
short time, it was updated with string obfuscation, a copy file module,
and a propagation exploit module that make it harder to detect and
gives it a higher capability to infect more devices. Users should be
aware of this new threat, patch any affected systems listed in Figure 13
running on their network, and actively apply patches as they become
available." FortiGuard Labs said.