Security News > 2022 > December > New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network
A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things devices and other software.
The botnet "Contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin said.
"It also communicates with its command-and-control server using the WebSocket protocol."
Zerobot gets its name from a propagation script that's used to retrieve the malicious payload after gaining access to a host depending on its microarchitecture implementation.
Two versions of Zerobot have been spotted to date: One used before November 24, 2022, that comes with basic functions and an updated variant that includes a self-propagating module to breach other endpoints using 21 exploits.
Zerobot, upon initialization in the compromised machine, establishes contact with a remote command-and-control server and awaits further instructions that allow it to run arbitrary commands and launch attacks for different network protocols like TCP, UDP, TLS, HTTP, and ICMP. "Within a very short time, it was updated with string obfuscation, a copy file module, and a propagation exploit module that make[s] it harder to detect and gives it a higher capability to infect more devices," Lin said.
News URL
https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html
Related news
- IoT Devices in Password-Spraying Botnet (source)
- AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices (source)
- Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign (source)