The Zerobot botnet is making the headlines once again in a new campaign exploiting a range of security vulnerabilities. The malware spreads primarily through Internet of Things (IoT) and web application vulnerabilities, presenting a serious risk to organizations.
Zerobot: What Is Known So Far?
Zerobot is a botnet whose malware is written in Go. It infects computers and devices and brings them under its operators' control as part of a network of compromised machines. The malware uses an array of exploits, including web application and IoT vulnerabilities, to gain access to the targeted system and spread itself further. Once inside, the malware can take control of the system, allowing the operators to steal data, disrupt operations, and launch further attacks.
The operators of Zerobot are continuously adding new exploits and capabilities to the malware, making it an increasingly potent threat. According to experts, the malware has already been used in a series of targeted attacks, with victims ranging from small businesses to large enterprises.
“The most recent distribution of Zerobot includes additional capabilities, such as exploiting vulnerabilities in Apache and Apache Spark (CVE-2021-42013 and CVE-2022-33891 respectively), and new DDoS attack capabilities,” Microsoft said.
Here’s the list of vulnerabilities that the malware is now exploiting:
- CVE-2017-17105: Zivif PR115-204-P-RS
- CVE-2019-10655: Grandstream
- CVE-2020-25223: WebAdmin of Sophos SG UTM
- CVE-2021-42013: Apache
- CVE-2022-31137: Roxy-WI
- CVE-2022-33891: Apache Spark
- ZSL-2022-5717: MiniDVBLinux
The report also notes that “Zerobot propagates by compromising devices with known vulnerabilities that are not included in the malware binary, such as CVE-2022-30023, a command injection vulnerability in Tenda GPON AC1200 routers.”
Organizations are advised to remain vigilant against Zerobot and similar threats. This includes ensuring all systems and applications are patched and updated regularly, as well as monitoring networks for suspicious activity. Additionally, it is important to practice good cyber hygiene by using strong passwords, avoiding clicking on unfamiliar links, and maintaining backups of critical data.
The emergence of Zerobot highlights the need for organizations to remain vigilant and proactive in their security efforts. With new threats and exploits appearing on a regular basis, it is vital that organizations take the necessary steps to protect their systems and data.