Security News > 2022 > September > Moobot botnet is coming for your unpatched D-Link router
The Mirai malware botnet variant known as 'MooBot' has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits.
MooBot was discovered by analysts at Fortinet in December 2021, targeting a flaw in Hikvision cameras to spread quickly and enlist a large number of devices into its DDoS army.
MooBot's operators leverage the low-attack complexity of the flaws to gain remote code execution on the targets and fetch the malware binary using arbitrary commands.
Eventually, the captured routers participate in directed DDoS attacks against various targets, depending on what MooBot's operators wish to achieve.
Users of compromised D-Link devices may notice internet speed drops, unresponsiveness, router overheating, or inexplicable DNS configuration changes, all common signs of botnet infections.
The best way to shut the door to MooBot is to apply the available firmware updates on your D-Link router.
News URL
Related news
- Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft (source)
- D-Link urges users to retire VPN routers impacted by unfixed RCE flaw (source)
- D-Link tells users to trash old VPN routers over bug too dangerous to identify (source)
- Juniper warns of Mirai botnet targeting Session Smart routers (source)
- Juniper warns of Mirai botnet scanning for Session Smart routers (source)