
Rome Wasn’t Built in a Day, But This Botnet Was, Using CVE-2017-17215

A new botnet has been detected by security researchers at NewSky Security, and their discovery has been confirmed by researchers from Qihoo 360 Netlab, Rapid7, and GreyNoise. The botnet has compromised more than 18,000 routers in a single day, and was built by leveraging a security flaw in Huawei HG532 routers known as CVE-2017-17215.




Botnet Built Only in a Day by Anarchy Hacker

CVE-2017-17215’s official description goes like this: “Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code”.

According to analysis, the scans for the flaw began on the morning of July 18, via port 37215.

The author of the botnet has called himself Anarchy and hasn’t provided any information as to why he created the botnet. According to security researchers, Anarchy may be the same hacker who was using the Wicked nickname and who is behind some of Mirai’s variations. The variations have been identified as Wicked, Omni, and Owari and were actively used in DDoS attacks.


What is most concerning about the newly discovered botnet is the ease with which it was built, using a high-profile security flaw that has been used before for similar purposes. Research indicates that CVE-2017-17215 has been deployed in the creation of at least two versions of the Satori botnet as well as some small Mirai-based botnets. Take the Satori botnet, for example, which exploits a flaw in Huawei devices and a bug in Realtek SDK-based devices.

These vulnerabilities were exploited to attack and infect computers. The botnet itself was written on top of the devastating Mirai IoT botnet. Satori’s operators exploited just these two vulnerabilities to successfully target hundreds of devices, researchers reported earlier this year.

The most alarming part of this story is that the Anarchy hacker built the botnet in the span of a single day. Apparently the hacker is not ready to stop yet and is planning to target another security flaw, CVE-2014-8361, which is a vulnerability in Realtek routers that can be exploited via port 52869.

Here’s the vulnerability’s official description: “The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request”.
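For defenders, the two ports named above are a useful signal in perimeter logs. The following is an added example, not part of the original article: it reads firewall log lines and reports external sources touching port 37215 or 52869, flagging sources that sweep several hosts. The iptables-style log format, the sample lines, the `find_probes` name and the sweep threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the article and the flaw associated with each.
WATCHED_PORTS = {
    37215: "CVE-2017-17215 (Huawei HG532)",
    52869: "CVE-2014-8361 (Realtek SDK miniigd)",
}
# RFC 1918 ranges: LAN-side management traffic is expected and ignored.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FIELD_RE = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

# Constructed sample lines in iptables LOG style (documentation address ranges).
SAMPLE_LOG = """\
Jul 18 06:01:11 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40112 DPT=37215 SYN
Jul 18 06:01:11 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.11 PROTO=TCP SPT=40113 DPT=37215 SYN
Jul 18 06:01:12 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.12 PROTO=TCP SPT=40114 DPT=37215 SYN
Jul 18 06:02:40 gw kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=52869 SYN
Jul 18 06:03:02 gw kernel: IN=eth1 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP SPT=51822 DPT=37215 SYN
Jul 18 06:03:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40200 DPT=443 SYN
"""

def find_probes(log_text, sweep_threshold=3):
    """Return (probes, sweepers): probes maps (src, port) to the sorted hosts it
    touched; sweepers lists sources that hit >= sweep_threshold hosts on one port."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            port = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # line lacks SRC/DPT or carries a malformed value: skip it
        if port not in WATCHED_PORTS or any(src in net for net in LAN_NETS):
            continue
        targets[(str(src), port)].add(fields.get("DST", "?"))
    probes = {key: sorted(hosts) for key, hosts in targets.items()}
    sweepers = sorted({src for (src, _), hosts in probes.items()
                       if len(hosts) >= sweep_threshold})
    return probes, sweepers

if __name__ == "__main__":
    probes, sweepers = find_probes(SAMPLE_LOG)
    for (src, port), hosts in sorted(probes.items()):
        tag = "SWEEP" if src in sweepers else "probe"
        print(f"{tag} {src} -> port {port} [{WATCHED_PORTS[port]}]: {', '.join(hosts)}")
```

Any destination that appears in the output is a device worth checking for exposure of these ports to the internet.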

Milena Dimitrova
