Botnets Target Old Vulnerability in Symantec Secure Web Gateway
2020-05-19 13:03

New variants of the Mirai and Hoaxcalls botnets have been targeting an old remote code execution vulnerability in legacy Symantec Secure Web Gateway versions, Palo Alto Networks reports.

The targeted vulnerability impacts Symantec Secure Web Gateway 5.0.2.8, a product that reached end-of-life in 2015 and end-of-support-life in 2019.

In the first week of May, the security researchers also observed a Mirai variant exploiting the RCE vulnerability in Symantec Secure Web Gateway 5.0.2.8.

Built on Mirai code, this variant features a modified version of UPX. "In this campaign, the samples themselves don't contain any DDoS capabilities, but rather serve the purpose of propagation using credential brute force and exploitation of the Symantec Secure Web Gateway RCE vulnerability," Palo Alto Networks explains.

The campaign's propagation rate is limited by two factors: successful exploitation of the Symantec Secure Web Gateway RCE requires authentication, and newer firmware releases are not vulnerable.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/jWjYb62Ig9Y/botnets-target-old-vulnerability-symantec-secure-web-gateway

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Symantec 80 10 69 77 12 168