Check the status of CVEs. Learn More.
Keeping your systems up 100% of the time requires live patching. Our solutions will align strongly with your risk, compliance, and operational uptime requirements.
TuxCare is trusted by the most innovative companies across the globe.
Learn about TuxCare's modern approach to reducing cybersecurity risk with Blogs, White Papers, and more.
Continually increasing Cybersecurity, stability, and availability of Linux servers and open source software since 2009.
TuxCare provides live security patching for numerous industries. Learn how TuxCare is minimizing risk for companies around the world.
2x a month. No spam.
January 4, 2023 - TuxCare expert team
According to Microsoft, Zerobot, a one-of-a-kind botnet written in Go and distributed via IoT and web application vulnerabilities, has added new features and infection mechanisms.
Zerobot, according to FortiGuard Labs, contains several modules, including self-replication, attacks for various protocols, and self-propagation. It also uses the WebSocket protocol to communicate with its command-and-control server.
Microsoft says the malware has reached version 1.1 and is capable of exploiting flaws in Apache and Apache Spark to compromise various endpoints and then use them in attacks. It tagged the flaws used to deploy Zerobot as CVE-2021-42013 and CVE-2022-33891. It also mentioned that the ability to target vulnerabilities in MiniDVBLinux DVR systems, Grandstream networking systems, and the Roxy-WI GUI is one of the features.
Microsoft explains that once on the device, Zerobot injects a malicious payload that then attempts to download several binaries in order to identify the architecture by brute force. Depending on the operating system, the botnet employs a variety of persistence mechanisms to maintain access to infected devices.
“The malware may attempt to gain device access by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323 to spread to devices,” Microsoft wrote, adding that efforts to access ports and combine with them using port-knocking on ports 80, 8080, 8888, and 2323 have also been made.
It also has additional distributed denial-of-service attack capabilities, such as functions that allow threat actors to target and disable resources. Zerobot DDOS attacks that are successful can be used to extort ransom payments, distract from other malicious activity, or disrupt operations.
According to Microsoft, these capabilities enable threat actors to target various resources and render them inaccessible. According to the report, the destination port is customizable in almost every attack, allowing threat actors who purchase the malware to modify the attack as they see fit.
The sources for this piece include an article in SecurityAffairs.
Learn About Live Patching with TuxCare
According to CyberArk researchers, GPT-based models like ChatGPT can be...
Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...
Deep Instinct researchers reported that RATs like StrRAT and Ratty...
According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...
A remote attacker could exploit multiple vulnerabilities in four Cisco...
In a notable IcedID malware attack, the assailant impacted the...
Tech Support
Documentation
Login
Contact Us