
Yowai Botnet, a Mirai Variant, Exploits Known ThinkPHP Vulnerability

A known vulnerability in the ThinkPHP framework, which was disclosed and fixed in December of last year, has been exploited for botnet propagation by a new Mirai variant, Yowai, and by a Gafgyt variant known as Hakai. The discovery comes from Trend Micro, and the Mirai botnet variation has been detected as BACKDOOR.LINUX.YOWAI.A.




Apparently, hackers are using websites created with the PHP framework to breach web servers via dictionary attacks on default credentials. This helps them gain control of affected routers for use in DDoS attacks. Trend Micro's telemetry indicates that the two botnets, Yowai and Hakai, triggered an unexpected increase in attacks and infection attempts in the period between January 11 and January 17.

Technical Overview of the Yowai Botnet

The Yowai botnet appears to have a configuration table which is similar to other Mirai variants. This means that the table can be decrypted using the same procedures. The ThinkPHP vulnerability is chained with other known flaws.

Yowai listens on port 6 to receive commands from the command and control (C&C) server. After it infects a router, it uses a dictionary attack in an attempt to infect other devices. The affected router then becomes part of a botnet that enables its operator to use the affected devices for launching DDoS attacks, Trend Micro said in its report.

In addition, several exploits are deployed to carry out the dictionary attacks. A message is displayed on the user's console following the attack. The botnet also references a kill list of competing botnets, which it aims to eradicate from the targeted system. As already mentioned, the ThinkPHP vulnerability is not the only one used in these attacks. The sample the researchers analyzed exploited the following flaws: CVE-2014-8361, a Linksys RCE, CVE-2018-10561, and a CCTV-DVR RCE.


Technical Overview of the Hakai Botnet

Hakai, the Gafgyt variant, has previously been detected relying on router vulnerabilities in attacks targeting IoT devices. The sample analyzed by Trend Micro uses security flaws that are likely unpatched, and it also used vulnerabilities in ThinkPHP, a D-Link DSL-2750B router vulnerability, CVE-2015-2051, CVE-2014-8361, and CVE-2017-17215 to propagate and perform various DDoS attacks.

It is noteworthy that the Hakai sample contained code copied from Mirai, such as the code for encrypting the configuration table.

"However, the functions we've identified are not operational; we suspect that the codes for telnet dictionary attack were intentionally removed to make this Hakai variant stealthier.

"Since Mirai variants typically kill competing botnets, it may be advantageous for this Hakai variant to avoid targeting IoT devices that use default credentials. The approach of solely using exploits for propagation is harder to detect compared to telnet bruteforcing, which likely explains the spike we observed in attack attempts from our detection and blocking technology," the report noted.
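Both the Yowai configuration table and the Mirai-derived table-encryption code in the Hakai sample point to the same analysis step, sketched here as an added example that is not from Trend Micro's report or from either sample. It assumes the byte-wise XOR scheme of the publicly leaked Mirai source; the variant key and the table strings are constructed, since the page gives neither.

```python
import string

# Key from the publicly leaked Mirai source; variants may change it.
MIRAI_TABLE_KEY = 0xDEADBEEF
PRINTABLE = set(string.printable.encode())

def fold_key(table_key: int) -> int:
    """Mirai XORs each byte with all four key bytes in turn, which equals
    a single XOR with the fold of those four bytes."""
    k = 0
    for shift in (0, 8, 16, 24):
        k ^= (table_key >> shift) & 0xFF
    return k

def toggle_obf(entry: bytes, table_key: int) -> bytes:
    """XOR is its own inverse: the same call obfuscates and deobfuscates."""
    k = fold_key(table_key)
    return bytes(b ^ k for b in entry)

def score(plain: bytes) -> float:
    """String entries decode to printable text ending in exactly one NUL."""
    if len(plain) < 2 or plain[-1] != 0 or 0 in plain[:-1]:
        return 0.0
    body = plain[:-1]
    return sum(b in PRINTABLE for b in body) / len(body)

def recover_key(entries: list[bytes]) -> int:
    """Try all 256 folded keys; keep the one under which the most entries
    look like NUL-terminated strings (the stored NUL exposes the key)."""
    def total(k: int) -> float:
        return sum(score(bytes(b ^ k for b in e)) for e in entries)
    return max(range(256), key=total)

# Constructed sample: made-up strings obfuscated with a made-up variant key.
SAMPLE_KEY = 0x1337C0DE
SAMPLE_PLAIN = [b"cnc.example.invalid\x00", b"/proc/\x00", b"/exe\x00"]
SAMPLE_TABLE = [toggle_obf(p, SAMPLE_KEY) for p in SAMPLE_PLAIN]

def decode_table(entries: list[bytes]) -> list[bytes]:
    """Recover the folded key, then decode every entry with it."""
    k = recover_key(entries)
    return [bytes(b ^ k for b in e) for e in entries]

if __name__ == "__main__":
    for plain in decode_table(SAMPLE_TABLE):
        print(plain)
```

Because the four key bytes collapse to one, a variant that changes the 32-bit key still has only 256 effective keys, which is why the same procedure carries over between Mirai variants.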

Milena Dimitrova
