Security News > 2022 > December > Zerobot malware now shooting for Apache systems

Zerobot malware now shooting for Apache systems
2022-12-22 18:34

The Zerobot botnet, first detected earlier this month, is expanding the types of Internet of Things devices it can compromise by going after Apache systems.

The latest upgrade is going after Apache and Apache Spark systems.

Zerobot 1.1 can now exploit vulnerabilities in Apache and Apache Spark, according to MSTIC. There also are other vulnerabilities in the MiniDVBLinux DVR systems, Grandstream networking systems, and Roxy-WI GUI. The botnet exploits vulnerabilities on unpatched or badly secured devices and in some cases will use brute-force techniques on vulnerable devices that include insecure configurations that use default or weak credentials, the researchers wrote.

"The malware may attempt to gain device access by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323 to spread to devices," they wrote, adding that there also have been attempts to open ports and connect to them via port-knocking on ports 80, 8080, 8888, and 2323.

The malware can spread to devices by exploiting vulnerabilities that aren't included in its binary, such as CVE-2022-30023, a command injection vulnerability in GPON AC1200 routers from Tenda.

Sh to execute Zerobot or a script that downloads the Zerobot binary of a specific architecture by brute force.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/22/zerobot_microsoft_iot_botnet/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-06-16 CVE-2022-30023 OS Command Injection vulnerability in Tenda HG9 Firmware 1.0.1
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.
network
low complexity
tenda CWE-78
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 544 711 366 1634