Advertisement Banner
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Cyber News

New Go-based botnet Zerobot exploits dozens of flawsSecurity Affairs

admin by admin
December 7, 2022
in Cyber News


Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities IoT devices.

Fortinet FortiGuard Labs researchers have discovered a new Go-based botnet called Zerobot that spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications.

“This botnet, known as Zerobot, contains several modules, including self-replication, attacks for different protocols, and self-propagation.” reads the advisory published by Fortinet. “It also communicates with its command-and-control server using the WebSocket protocol. Based on some IPS signatures trigger count, this campaign started its distribution of the current version sometime after mid-November.

Zerobot targets multiple architectures, including i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x. The bot is saved using the filename “zero.”

The malware first appeared in the wild on November 18, 2022 targeting devices running on Linux operating system.

The researchers discovered two versions of the bot, the first employed in attacks before November 24 that only supports basic functions. The current version includes a “selfRepo” module to spread infecting more endpoints with different protocols or vulnerabilities.

Once infected the system, the bot contacts the remote command-and-control (C2) server and awaits further instructions.

Below is the list of supported commands:

Command Detail
ping Heartbeat, maintaining the connection
attack Launch attack for different protocols: TCP, UDP, TLS, HTTP, ICMP
stop Stop attack
update Install update and restart Zerobot
enable_scan Scan for open ports and start spreading itself via exploit or SSH/Telnet cracker
disable_scan Disable scanning
command Running OS command, cmd on Windows and bash on Linux
kill Kill botnet program

“Within a very short time, it was updated with string obfuscation, a copy file module, and a propagation exploit module that make it harder to detect and gives it a higher capability to infect more devices.” concludes the report.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Zerobot)



Share On






Source link

Previous Post

RBI to add new feature to UPI payment platform –

Next Post

US National Cyber Director plans Japan trip to bolster digital cooperation

Next Post

US National Cyber Director plans Japan trip to bolster digital cooperation

Recommended

GVK Boss denies Rahul Gandhi’s charge –

10 months ago

Indian Army provides solar streetlights to Tinsukia’s Tokowpathar village –

11 months ago

© Law Enforcement News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Cyber News
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact

© 2022 Law Enforcement News Hubb All rights reserved.