[Nulled] » Information security » Let's go back to Zerobot
January 16 2023

Let's go back to Zerobot

Let's go back to Zerobot, which was originally reported by Fortinet two weeks ago.

The Internet of Things (IoT) botnet is a self-replicating and self-propagating malware written in the Golang (Go) language and aimed at more than twelve architectures, with a wide range of distributed DDoS capabilities.


 
Microsoft has published its own analysis of Zerobot, warning that the malware has been updated with additional features, including exploits for two vulnerabilities in Apache and Apache Spark, tracked as CVE-2021-42013 and CVE-2022-33891, respectively.

It is known that the server-side request forgery (SSRF) bug fixed in October 2021, CVE-2021-42013, was also used in other botnets, including Enemybot DDoS.

In addition to the previously discovered exploits, the Zerobot sample analyzed by Microsoft also includes exploits for CVE-2017-17105 (Zivif PR115-204-P-RS), CVE-2019-10655 (Grandstream), CVE-2020-25223 (Sophos SG UTM), CVE-2022-31137 (Roxy-WI) and ZSL-2022-5717 (MiniDVBLinux).

After Zerobot 1.1 was released, malware operators eliminated CVE-2018-12613, a phpMyAdmin vulnerability that could allow attackers to view or execute files.

At the same time, the researchers also found new evidence that Zerobot is spreading by compromising devices with known vulnerabilities that are not included in the malware binary, such as CVE-2022-30023, a command injection vulnerability in Tenda GPON AC1200 routers.

After the device is compromised, Zerobot implements a script to launch botnet malware (or a script to determine the architecture of the device and obtain the corresponding binary file), ensuring stability.

The threat does not target Windows computers, but Microsoft says it has discovered Zerobot samples that can run in a Windows environment.

The updated version of Zerobot contains several new features for launching DDoS attacks using UDP, ICMP, TCP, SYN, ACK and SYN-ACK protocols.

Zerobot can also scan the Internet for additional devices for infection. This feature allows it to scan sets of randomly generated IP addresses, trying to identify the bait IP addresses.

Microsoft has also identified a sample that can run on Windows based on a cross-platform (Linux, Windows, macOS) open source remote administration tool (RAT) with various functions such as process management, file operations, taking screenshots and executing commands.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

Related News

16 January 2023
Information security
Symantec researchers

Symantec researchers report details about the activities of a cybercrime group they track as Bluebottle, revealing

Read more
16 January 2023
Information security
After Microsoft

After Microsoft implemented, starting in July 2022, the blocking of Visual Basic for Applications (VBA) macros by

Read more
15 January 2023
Hacking
Malware Database

theZoo is an open source project aimed at providing the ability to analyze various malware. There are about 300

Read more
14 March 2022
Information security»,DDOS
Distributed Network

Distributed Network Attacks / DDoS Distributed network attacks are often referred to as Distributed Denial of

Read more
14 March 2022
Information security»,DDOS
What are DDoS attacks

What are DDoS attacks and why is it harder to defend from year to year According to the NETSCOUT Threat

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    November 2024    »
MonTueWedThuFriSatSun
 123
45678910
11121314151617
18192021222324
252627282930 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +12 Total articles 6747
  • +13 Comments 4077
  • +23 Users : 5841