Best Top Reviews Online

New Go-based Botnet Extending its Network by Exploiting Dozens of IoT Vulnerabilities

Zerobot, a novel Go-based botnet, has been spotted proliferating in the wild by exploiting nearly two dozen security vulnerabilities in internet of things (IoT) devices and other software.

Cara Lin, a researcher at Fortinet FortiGuard Labs, said that the botnet “includes multiple modules, such as self-replication, attacks for various protocols, and self-propagation.” It also uses the WebSocket protocol to communicate with its command-and-control server.

The campaign, which reportedly began after November 18, 2022, targets Windows and Linux operating systems to seize control of vulnerable devices.

Zerobot derives its name from a propagation script that is used to retrieve the malicious payload after gaining access to a host; the payload it fetches depends on the host's microarchitecture (e.g., “zero.arm64”).

Target CPU architectures include i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x.
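An added example, not part of the original article or of Fortinet's research: a defender-side check that scans web proxy logs for downloads of files named after the `zero.<arch>` pattern, using the architectures listed above. The log format, sample lines and addresses are constructed, and the code assumes every payload follows the pattern of the one example the article gives (`zero.arm64`).

```python
import re
from urllib.parse import urlsplit

# Architectures named in the article.
ARCHES = ("i386", "amd64", "arm", "arm64", "mips", "mips64", "mips64le",
          "mipsle", "ppc64", "ppc64le", "riscv64", "s390x")

# Assumption: payloads are named "zero.<arch>", as in "zero.arm64".
PAYLOAD_RE = re.compile(
    r"^zero\.(%s)$" % "|".join(re.escape(a) for a in ARCHES), re.IGNORECASE)

# Constructed log format: "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def find_payload_fetches(lines):
    """Return one record per request whose final path segment is zero.<arch>."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the expected format
        ts, client, _method, url, status = m.groups()
        # Compare only the file name, so query strings and directories
        # do not hide a match and look-alikes ("zero.armory.zip") do not hit.
        name = urlsplit(url).path.rsplit("/", 1)[-1]
        pm = PAYLOAD_RE.match(name)
        if pm:
            hits.append({"time": ts, "client": client, "url": url,
                         "arch": pm.group(1).lower(), "status": int(status)})
    return hits

def suspect_hosts(lines):
    """Internal clients that requested a matching file, for triage."""
    return sorted({h["client"] for h in find_payload_fetches(lines)})

# Constructed sample lines (documentation-range addresses).
SAMPLE_LOG = [
    "2022-12-01T10:00:01Z 10.0.0.15 GET http://198.51.100.7/zero.arm64 200",
    "2022-12-01T10:00:05Z 10.0.0.22 GET http://example.com/dl/zero.armory.zip 200",
    "2022-12-01T10:01:12Z 10.0.0.31 GET http://198.51.100.7/bins/zero.mipsle?x=1 404",
    "2022-12-01T10:02:00Z 10.0.0.15 GET http://example.com/index.html 200",
    "malformed line",
]

if __name__ == "__main__":
    for hit in find_payload_fetches(SAMPLE_LOG):
        print(hit)
    print("hosts to triage:", suspect_hosts(SAMPLE_LOG))
```

A file name is a weak indicator that is easy to change, so treat a hit as a lead for host triage rather than as proof of infection.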

To date, two variants of Zerobot have been observed: One used before November 24, 2022, with basic functionality, and an updated variant with a self-propagating module that uses 21 exploits to breach other endpoints.

  • CVE-2014-8361: miniigd SOAP service in Realtek SDK
  • CVE-2017-17106: Zivif PR115-204-P-RS V2.3.4.2103 Webcams
  • CVE-2017-17215: Huawei HG532 Router
  • CVE-2018-12613: phpMyAdmin
  • CVE-2020-10987: Tenda AC15 AC1900 Router
  • CVE-2020-25506: D-Link DNS-320 NAS
  • CVE-2021-35395: Realtek Jungle SDK
  • CVE-2021-36260: Hikvision product
  • CVE-2021-46422: Telesquare SDT-CW3B1 Router
  • CVE-2022-1388: F5 BIG-IP
  • CVE-2022-22965: Spring MVC or Spring WebFlux application (Spring4Shell)
  • CVE-2022-25075: TOTOLink A3000RU Router
  • CVE-2022-26186: TOTOLINK N600R Router
  • CVE-2022-26210: Totolink A830R Router
  • CVE-2022-30525: Zyxel USG FLEX 100(W) Firewall
  • CVE-2022-34538: Digital Watchdog DW MEGApix IP cameras
  • CVE-2022-37061: FLIR AX8 thermal sensor cameras

Among the affected products are TOTOLINK routers, Zyxel firewalls, F5 BIG-IP, Hikvision cameras, FLIR AX8 thermal imaging cameras, D-Link DNS-320 NAS, and Spring Framework.

Upon initialization on a compromised system, Zerobot contacts a remote command-and-control (C2) server and awaits further instructions that enable it to execute arbitrary commands and launch DDoS attacks over various network protocols, including TCP, UDP, TLS, HTTP, and ICMP.

“Within a very short period, it was updated with string obfuscation, a copy file module, and a propagation exploit module, which makes it more difficult to detect and increases its ability to infect more devices,” Lin explained.

The article above was written by the BestTopReviewsOnline team, which includes many of the US’s most knowledgeable technical experts. Our team includes well-known writers with extensive experience in mobile phones, computing, technology, photography, and other fields.
