Threat Management

Several IoT flaws leveraged by updated Zerobot botnet

The Hacker News reports that an updated Zerobot botnet has been exploiting 21 vulnerabilities in Internet of Things devices and software in a new malware campaign that began after November 18. The vulnerabilities used by Zerobot include flaws affecting F5 BIG-IP, Hikvision cameras, Zyxel firewalls, TOTOLINK routers, D-Link DNS-320 network attached storage, and Spring Framework, a Fortinet FortiGuard Labs report showed. The Zerobot botnet referenced in this article is not affiliated with the service called ZeroBot.ai, an internet-accessible verbal chatbot.

Zerobot integrates numerous modules for self-replication, self-propagation, and other attack protocols, and it uses the WebSocket protocol to communicate with its command-and-control (C2) server. After contacting the C2 server, Zerobot waits for commands that enable arbitrary command execution, as well as attacks targeting the TCP, TLS, HTTP, ICMP, and UDP protocols. "Within a very short time, [Zerobot] was updated with string obfuscation, a copy file module, and a propagation exploit module that make[s] it harder to detect and gives it a higher capability to infect more devices," said researcher Cara Lin.

(UPDATE: 7/12/2023: This article has been updated to clarify that the Zerobot botnet is not affiliated with the service ZeroBot.ai, an internet-accessible verbal chatbot that has no connection to the botnet mentioned in the article.)
