Zerobot malware now shooting for Apache systems
2022-12-22 18:34

The Zerobot botnet, first detected earlier this month, is expanding the types of Internet of Things devices it can compromise by going after Apache systems.

The latest upgrade is going after Apache and Apache Spark systems.

Zerobot 1.1 can now exploit vulnerabilities in Apache and Apache Spark, according to MSTIC. It can also exploit other vulnerabilities in MiniDVBLinux DVR systems, Grandstream networking systems, and the Roxy-WI GUI. The botnet exploits vulnerabilities on unpatched or badly secured devices and in some cases uses brute-force techniques against devices whose insecure configurations rely on default or weak credentials, the researchers wrote.

"The malware may attempt to gain device access by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323 to spread to devices," they wrote, adding that there also have been attempts to open ports and connect to them via port-knocking on ports 80, 8080, 8888, and 2323.
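The spreading behaviour quoted above can be turned into a simple log heuristic. The following is an added example, not code from the article or from MSTIC; the log line format, the thresholds, the name `score_sources`, and the inclusion of port 22 as the default SSH port are assumptions.

```python
import re
from collections import defaultdict

# Ports named in the article; 22 is added as the default SSH port (assumption).
LOGIN_PORTS = {22, 23, 2323}
KNOCK_PORTS = {80, 8080, 8888, 2323}

# Assumed log format: "<timestamp> src=<ip> dport=<port> event=<name> [user=<name>]"
LINE = re.compile(r"src=(?P<src>\S+) dport=(?P<port>\d+) event=(?P<event>\w+)"
                  r"(?: user=(?P<user>\S+))?")

def score_sources(lines, min_failures=5, min_users=3, min_knock_ports=3):
    """Return {source_ip: [reasons]} for sources matching the described pattern."""
    fails = defaultdict(int)     # failed logins on SSH/telnet ports per source
    users = defaultdict(set)     # distinct usernames tried per source
    knocks = defaultdict(set)    # distinct article-listed ports touched per source
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        src, port = m["src"], int(m["port"])
        if m["event"] == "login_fail" and port in LOGIN_PORTS:
            fails[src] += 1
            if m["user"]:
                users[src].add(m["user"])
        if port in KNOCK_PORTS:
            knocks[src].add(port)
    flagged = {}
    for src in set(fails) | set(knocks):
        reasons = []
        # Many failures spread over several usernames suggests a credential list.
        if fails[src] >= min_failures and len(users[src]) >= min_users:
            reasons.append("credential_guessing")
        # One source touching several of 80/8080/8888/2323 suggests port probing.
        if len(knocks[src]) >= min_knock_ports:
            reasons.append("multi_port_probe")
        if reasons:
            flagged[src] = reasons
    return flagged

# Constructed sample log lines (documentation IP ranges, not real traffic).
ATTEMPTS = [(23, "root"), (23, "admin"), (2323, "admin"), (23, "guest"), (2323, "root")]
SAMPLE = [f"2022-12-22T10:00:0{i}Z src=203.0.113.7 dport={p} event=login_fail user={u}"
          for i, (p, u) in enumerate(ATTEMPTS)]
SAMPLE += [f"2022-12-22T10:01:00Z src=203.0.113.7 dport={p} event=conn"
           for p in (80, 8080, 8888)]
SAMPLE += ["2022-12-22T10:02:00Z src=198.51.100.20 dport=22 event=login_fail user=alice",
           "2022-12-22T10:02:05Z src=198.51.100.20 dport=80 event=conn"]

if __name__ == "__main__":
    print(score_sources(SAMPLE))
```

The thresholds are deliberately low for the short sample; on real telemetry they would need tuning against normal login-failure rates.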

The malware can spread to devices by exploiting vulnerabilities that aren't included in its binary, such as CVE-2022-30023, a command injection vulnerability in GPON AC1200 routers from Tenda.

Sh to execute Zerobot or a script that downloads the Zerobot binary of a specific architecture by brute force.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/22/zerobot_microsoft_iot_botnet/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-06-16 | CVE-2022-30023 | OS Command Injection vulnerability in Tenda HG9 Firmware 1.0.1 | 8.8
Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.
network, low complexity, tenda, CWE-78

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 295 58 840 628 289 1815