Zerobot malware [not to be mistaken for the ZeroBot chatbot developed by zerobot.ai] has undergone substantial updates that enhance its ability to attack and proliferate, allowing it to target more Internet of Things (IoT) devices and scale up its malicious operation.
According to a recent Microsoft Security Threat Intelligence Center (MSTIC) report, the malware’s latest iteration also added new distributed denial-of-service (DDoS) abilities.
Zerobot is a Go-based botnet offered as part of a malware-as-a-service (MaaS) operation. It spreads through flaws in IoT devices such as routers, cameras and firewalls, as well as web app vulnerabilities.
“Zerobot affects a variety of devices that include firewall devices, routers, and cameras, adding compromised devices to a distributed denial of service (DDoS) botnet,” reads Microsoft’s security advisory. “Using several modules, the malware can infect vulnerable devices built on diverse architectures and operating systems, find additional devices to infect, achieve persistence, and attack a range of protocols.”
Vulnerable devices with improper configurations are among the most susceptible to Zerobot attacks, as the malware spreads by brute-forcing weak or default credentials. Researchers noticed that the malware uses combinations of “eight common usernames and 130 passwords” to compromise IoT devices through SSH and telnet using ports 23 and 2323.
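Detection logic for the credential-guessing pattern described above, added here as an example and not taken from Microsoft's report: it flags sources whose failed SSH logins span several usernames within a short window and notes when a login from that source then succeeds. The log layout (ISO timestamps, OpenSSH message text), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH auth-log style; ISO timestamps are an assumption.
SAMPLE_LOG = """\
2024-01-10T03:00:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-01-10T03:00:02 gw sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
2024-01-10T03:00:03 gw sshd[813]: Failed password for invalid user support from 203.0.113.7 port 40114 ssh2
2024-01-10T03:00:05 gw sshd[814]: Failed password for invalid user ubnt from 203.0.113.7 port 40115 ssh2
2024-01-10T03:00:06 gw sshd[815]: Failed password for root from 203.0.113.7 port 40116 ssh2
2024-01-10T03:00:09 gw sshd[816]: Accepted password for root from 203.0.113.7 port 40117 ssh2
2024-01-10T03:10:00 gw sshd[900]: Failed password for alice from 198.51.100.20 port 51000 ssh2
2024-01-10T03:10:40 gw sshd[901]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def detect_bruteforce(log_text, window=timedelta(seconds=60),
                      min_failures=5, min_users=3):
    """Return {ip: 'spray' | 'compromised'} for sources whose failed logins
    within `window` reach both thresholds; 'compromised' means a login was
    later accepted from a source that had already been flagged."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, user) failures
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        q = recent[ip]
        while q and ts - q[0][0] > window:   # drop failures outside the window
            q.popleft()
        if m["result"] == "Failed":
            q.append((ts, m["user"]))
            if len(q) >= min_failures and len({u for _, u in q}) >= min_users:
                findings.setdefault(ip, "spray")
        elif ip in findings:
            findings[ip] = "compromised"     # success following a flagged burst
    return findings

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

A source marked `compromised` is the case to triage first, since it means a guessed credential worked on a device that still accepts password logins.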
Aside from brute forcing, Zerobot exploits various vulnerabilities to spread on target devices and deploy malicious payloads. Some of the latest vulnerabilities added to Zerobot 1.1’s arsenal include:
Even worse, Zerobot can also propagate using known vulnerabilities not included in the malware binary, such as CVE-2022-30023, a Tenda GPON AC1200 command injection flaw.
Specialized software like Bitdefender Ultimate Security can keep you safe from cyberthreats with its extensive feature library, which includes:
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.