
Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities
2022-12-22 09:39

The Zerobot DDoS botnet has received substantial updates that expand on its ability to target more internet-connected devices and scale its network.

"The most recent distribution of Zerobot includes additional capabilities, such as exploiting vulnerabilities in Apache and Apache Spark, and new DDoS attack capabilities," Microsoft researchers said.

The newly added exploits target the following vulnerabilities:

CVE-2020-25223 - A remote code execution vulnerability in the WebAdmin of Sophos SG UTM.
CVE-2021-42013 - A remote code execution vulnerability in Apache HTTP Server.
CVE-2022-31137 - A remote code execution vulnerability in Roxy-WI.
CVE-2022-33891 - An unauthenticated command injection vulnerability in Apache Spark.

Zerobot is said to spread by scanning for and compromising devices with known vulnerabilities whose exploits are not included in the malware executable, such as CVE-2022-30023, a command injection vulnerability in Tenda GPON AC1200 routers.

Zerobot 1.1 also adds seven new DDoS attack methods that use protocols such as UDP, ICMP, and TCP, which Microsoft says indicates "continuous evolution and rapid addition of new capabilities."

News URL

https://thehackernews.com/2022/12/zerobot-botnet-emerges-as-growing.html

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                                                                           RISK
2022-07-18  CVE-2022-33891  OS Command Injection vulnerability in Apache Spark                                            8.8
            The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable.
            Attack vector: network; complexity: low; vendor: apache; CWE-78
2022-07-08  CVE-2022-31137  OS Command Injection vulnerability in Roxy-WI                                                 9.8 (critical)
            Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers.
            Attack vector: network; complexity: low; vendor: roxy-wi; CWE-78
2022-06-16  CVE-2022-30023  OS Command Injection vulnerability in Tenda HG9 Firmware 1.0.1                                8.8
            Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.
            Attack vector: network; complexity: low; vendor: tenda; CWE-78
2021-10-07  CVE-2021-42013  It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient.   9.8 (critical)
            Attack vector: network; complexity: low; vendors: apache, fedoraproject, oracle, netapp
2020-09-25  CVE-2020-25223  OS Command Injection vulnerability in Sophos Unified Threat Management                        9.8 (critical)
            A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
            Attack vector: network; complexity: low; vendor: sophos; CWE-78