
Zerobot malware now spreads by exploiting Apache vulnerabilities
2022-12-21 21:10

The Zerobot botnet has been upgraded to infect new devices by exploiting security vulnerabilities affecting Internet-exposed and unpatched Apache servers.

Zerobot has been under active development since at least November, with new versions adding new modules and features to expand the botnet's attack vectors and make it easier to infect new devices, including firewalls, routers, and cameras.

The update spotted by Microsoft adds newer exploits to the malware's toolkit, enabling it to target seven new types of devices and software, including unpatched Apache and Apache Spark servers.

"Microsoft researchers have also found new evidence that Zerobot propagates by compromising devices with known vulnerabilities that are not included in the malware binary, such as CVE-2022-30023, a command injection vulnerability in Tenda GPON AC1200 routers," the Microsoft Security Threat Intelligence team said.

Zerobot spreads through brute force attacks against unsecured devices with default or weak credentials and exploits vulnerabilities in Internet of Things devices and web applications.

New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices.


News URL

https://www.bleepingcomputer.com/news/security/zerobot-malware-now-spreads-by-exploiting-apache-vulnerabilities/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-06-16 | CVE-2022-30023 | OS Command Injection vulnerability in Tenda HG9 Firmware 1.0.1 | 8.8

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.
network, low complexity; tenda; CWE-78

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642