Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities (Security News, December 2022)
The Zerobot DDoS botnet has received substantial updates that expand its ability to compromise internet-connected devices and scale its network.
"The most recent distribution of Zerobot includes additional capabilities, such as exploiting vulnerabilities in Apache and Apache Spark, and new DDoS attack capabilities," Microsoft researchers said.
The exploits added in this release target:
- CVE-2020-25223 - Remote code execution in the WebAdmin of Sophos SG UTM.
- CVE-2021-42013 - Path traversal leading to remote code execution in Apache HTTP Server 2.4.49 and 2.4.50.
- CVE-2022-31137 - Remote code execution in Roxy-WI.
- CVE-2022-33891 - Unauthenticated command injection in the Apache Spark UI.
Zerobot is said to proliferate by scanning for and compromising devices with known vulnerabilities whose exploits are not bundled in the malware executable, such as CVE-2022-30023, a command injection vulnerability in Tenda GPON AC1200 routers.
Zerobot 1.1 further incorporates seven new DDoS attack methods that make use of protocols such as UDP, ICMP, and TCP, indicating "continuous evolution and rapid addition of new capabilities."
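Two of the exploits listed above leave recognisable traces in web server access logs: CVE-2021-42013 uses double percent-encoded dots (`.%%32%65`, which decodes to `.%2e` and then to `..`) to bypass the single-decode fix for CVE-2021-41773, and CVE-2022-33891 abuses the Spark UI `doAs` query parameter, whose value ends up in a shell command. The following detector is an added example written for this page; it is not code from Microsoft, The Hacker News, or the Zerobot malware, and the log lines it scans are constructed for illustration (IPs, timestamps and user agents are made up). It decodes each request path in stages to tell the single-encoded pattern from the double-encoded one, and flags `doAs` values containing shell metacharacters.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not from the article).
SAMPLE_LOG = """\
203.0.113.5 - - [07/Dec/2022:10:15:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.9 - - [07/Dec/2022:10:15:07 +0000] "POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh HTTP/1.1" 200 52 "-" "curl/7.68.0"
203.0.113.9 - - [07/Dec/2022:10:15:09 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 403 199 "-" "curl/7.68.0"
198.51.100.7 - - [07/Dec/2022:10:16:30 +0000] "GET /?doAs=%60id%60 HTTP/1.1" 200 3301 "-" "python-requests/2.28"
198.51.100.7 - - [07/Dec/2022:10:16:31 +0000] "GET /?doAs=alice HTTP/1.1" 200 3301 "-" "Mozilla/5.0"
"""

# Fields of the combined log format that the detector needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Characters that let a username reach a shell as something other than a name.
SHELL_META = re.compile(r'[`;|&$<>]')


def encoded_traversal(path: str) -> int:
    """Return the number of percent-decoding passes (1 or 2) needed before '..'
    appears in the path, or 0 if it never appears or was already literal.

    Depth 1 matches the CVE-2021-41773 pattern ('.%2e'); depth 2 matches the
    CVE-2021-42013 bypass ('.%%32%65'), which only becomes '..' after a second decode.
    """
    if '..' in path:
        return 0  # literal '..' is normalised by httpd itself; not the encoded bypass
    current = path
    for depth in (1, 2):
        current = unquote(current)
        if '..' in current:
            return depth
    return 0


def suspicious_doas(target: str):
    """Return the decoded doAs value if it carries shell metacharacters, else None."""
    query = urlsplit(target).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == 'doAs' and SHELL_META.search(value):
            return value
    return None


def scan_access_log(text: str):
    """Scan access-log text and return (client_ip, cve_label, request_target) hits."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        target = m['target']
        depth = encoded_traversal(urlsplit(target).path)
        if depth:
            cve = 'CVE-2021-42013' if depth == 2 else 'CVE-2021-41773'
            hits.append((m['ip'], cve, target))
        if suspicious_doas(target) is not None:
            hits.append((m['ip'], 'CVE-2022-33891', target))
    return hits


if __name__ == '__main__':
    for ip, cve, target in scan_access_log(SAMPLE_LOG):
        print(f'{ip} {cve} {target}')
```

Decoding in stages matters: a single `unquote` turns `.%%32%65` into `.%2e`, which a naive `..` check misses, and a plain `%2e` search misses the double-encoded form. The `doAs` check flags metacharacters rather than specific payloads, so it also catches variants that do not use backticks; a plain username such as `alice` is not reported.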
News URL
https://thehackernews.com/2022/12/zerobot-botnet-emerges-as-growing.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK (CVSS score) |
---|---|---|---|
2022-07-18 | CVE-2022-33891 | Command injection in the Apache Spark UI. The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable; with ACLs enabled, user-supplied input can reach a Unix shell command. | 8.8 |
2022-07-08 | CVE-2022-31137 | Remote code execution in Roxy-WI. Roxy-WI is a web interface for managing HAProxy, Nginx, Apache and Keepalived servers. | 9.8 |
2022-06-16 | CVE-2022-30023 | OS command injection in Tenda HG9 firmware 1.0.1. Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to command injection via the Ping function. | 8.8 |
2021-10-07 | CVE-2021-42013 | Path traversal and remote code execution in Apache HTTP Server 2.4.49 and 2.4.50. The fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was found to be insufficient. | 9.8 |
2020-09-25 | CVE-2020-25223 | OS command injection in Sophos Unified Threat Management. A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11. | 9.8 |