Security News > 2022 > September > Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities
A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits.
"If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service attacks," Palo Alto Networks Unit 42 said in a Tuesday report.
In the latest wave of attacks discovered by Unit 42 in early August 2022, as many as four different flaws in D-Link devices, both old and new, have paved the way for the deployment of MooBot samples.
Successful exploitation of the aforementioned flaws could lead to remote code execution and the retrieval of a MooBot payload from a remote host, which then parses instructions from a command-and-control server to launch a DDoS attack on a specific IP address and port number.
"The vulnerabilities have low attack complexity but critical security impact that can lead to remote code execution," the researchers said.
"Once the attacker gains control in this manner, they could take advantage by including the newly compromised devices into their botnet to conduct further attacks such as DDoS.".
News URL
https://thehackernews.com/2022/09/mirai-variant-moobot-botnet-exploiting.html
Related news
- Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities (source)
- Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- D-Link urges users to retire VPN routers impacted by unfixed RCE flaw (source)
- D-Link tells users to trash old VPN routers over bug too dangerous to identify (source)