Security News > 2022 > September > Moobot botnet is coming for your unpatched D-Link router
The Mirai malware botnet variant known as 'MooBot' has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits.
MooBot was discovered by analysts at Fortinet in December 2021, targeting a flaw in Hikvision cameras to spread quickly and enlist a large number of devices into its DDoS army.
MooBot's operators leverage the low-attack complexity of the flaws to gain remote code execution on the targets and fetch the malware binary using arbitrary commands.
Eventually, the captured routers participate in directed DDoS attacks against various targets, depending on what MooBot's operators wish to achieve.
Users of compromised D-Link devices may notice internet speed drops, unresponsiveness, router overheating, or inexplicable DNS configuration changes, all common signs of botnet infections.
The best way to shut the door to MooBot is to apply the available firmware updates on your D-Link router.
News URL
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Juniper warns of Mirai botnet targeting Session Smart routers (source)
- Juniper warns of Mirai botnet scanning for Session Smart routers (source)
- New botnet exploits vulnerabilities in NVRs, TP-Link routers (source)
- FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)