Hoaxcalls Botnet Exploits Symantec Secure Web Gateways

2020-05-15 20:41

Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks.

Now, researchers at Palo Alto Networks' Unit 42 division have observed that same version of the botnet exploiting a second unpatched bug, this time in Symantec Secure Web Gateway version 5.0.2.8, which is a product that became end-of-life in 2015 and end-of-support-life in 2019.

"On April 24, I observed samples of the same botnet incorporating an exploit targeting the EOL'd Symantec Secure Web Gateway v5.0.2.8, with an HTTP request in the format: POST /spywall/timeConfig.php HTTP/1.1," said Unit 42 researcher Ruchna Nigam, in a Thursday post.

It's also no longer present in the latest version of the Symantec Web Gateway, version 5.2.8, so updated devices are protected.

"The use of the exploit in the wild surfaced only a few days after the publication of the vulnerability details, highlighting the fact that the authors of this particular botnet have been pretty active in testing the effectiveness of new exploits as and when they are made public," according to the researcher.

News URL

https://threatpost.com/hoaxcalls-botnet-symantec-secure-web-gateways/155806/

#botnet #exploit #gateway #symantec #WEB

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Symantec		241	68	247	112	86	513