Updated on 2022-12-22
The Zerobot botnet got an upgrade and now infects devices by abusing bugs in unpatched and internet-exposed Apache servers.
Updated on 2022-12-21
After a Fortinet report last week, Microsoft has also put out a report on the new Zerobot IoT DDoS botnet. The original report found that Zerobot was written in Go, and its operator(s) used exploits for n-day vulnerabilities to deploy the malware to various devices. Microsoft also found that Zerobot also used a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323 to spread to devices. In addition, the Zerobot gang also appears to have added new n-day exploits to their botnet too. Read more:
- Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
- Microsoft research uncovers new Zerobot capabilities
Updated on 2022-12-07
Fortinet has a report out on a new IoT malware strain named ZeroBot. The malware is written in Go, and its operator(s) uses exploits for n-day vulnerabilities to deploy the malware to various devices. Read more: Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
Overview
A new botnet, dubbed Zerobot, was found exploiting IoT vulnerabilities in Zyxel firewalls, TOTOLINK routers, D-Link DNS-320 NAS, and Hikvision cameras, among others. Read more: Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities