Security News > 2022 > December > New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network

New Go-based Botnet Exploiting Exploiting Dozens of IoT Vulnerabilities to Expand its Network
2022-12-07 04:03

A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things devices and other software.

The botnet "Contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin said.

"It also communicates with its command-and-control server using the WebSocket protocol."

Zerobot gets its name from a propagation script that's used to retrieve the malicious payload after gaining access to a host depending on its microarchitecture implementation.

Two versions of Zerobot have been spotted to date: One used before November 24, 2022, that comes with basic functions and an updated variant that includes a self-propagating module to breach other endpoints using 21 exploits.

Zerobot, upon initialization in the compromised machine, establishes contact with a remote command-and-control server and awaits further instructions that allow it to run arbitrary commands and launch attacks for different network protocols like TCP, UDP, TLS, HTTP, and ICMP. "Within a very short time, it was updated with string obfuscation, a copy file module, and a propagation exploit module that make[s] it harder to detect and gives it a higher capability to infect more devices," Lin said.


News URL

https://thehackernews.com/2022/12/new-go-based-zerobot-botnet-exploiting.html