Flaws within IoT devices exploited by the Zerobot botnet

December 22, 2022

The Zerobot botnet is the latest addition to the long line of malicious entities exploiting IoT vulnerabilities in cyberspace. This newly discovered botnet is written in the Go language (Golang) and includes several features that could impact its targets.

To gain initial access, the Zerobot botnet targets numerous vulnerabilities in Internet of Things (IoT) devices. Once it gains access through a flaw, the botnet can download a script to propagate itself across the targeted network.

Its first version was the Zeranol payload, which researchers first spotted last month, but it contained only basic capabilities and features. The new version can now self-replicate and compromise more endpoints, using more than 20 flaws through its self-propagation feature.

The most notable exploits target TOTOLINK routers, Spring Framework, D-Link DNS-320 NAS, Hikvision cameras, Zyxel firewalls, F5 BIG-IP, and FLIR AX8 thermal imaging cameras.

Zerobot botnet could infect numerous CPU architectures.

Researchers emphasised that the Zerobot botnet could target mips64le, mipsle, arm64, mips, mips64, ppc64, ppc64le, amd64, arm, i386, riscv64, and s390x CPU architectures.
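
As an added example (not from the original article or the researchers), the following Python code triages a file recovered from a device: it reads the ELF header to name the architecture using the list above and looks for the Go toolchain's build-info marker. The function names and sample bytes are constructed for illustration; a match is a reason to investigate further, not a Zerobot signature, and a packed or altered binary may not carry the marker.

```python
import struct

# Marker the Go toolchain embeds ahead of its build information.
GO_BUILDINFO_MAGIC = b"\xff Go buildinf:"

# (ELF e_machine, word size, byte order) -> architecture name as listed in the article.
ARCH_TABLE = {
    (3, 32, "little"): "i386",     (62, 64, "little"): "amd64",
    (40, 32, "little"): "arm",     (183, 64, "little"): "arm64",
    (8, 32, "big"): "mips",        (8, 32, "little"): "mipsle",
    (8, 64, "big"): "mips64",      (8, 64, "little"): "mips64le",
    (21, 64, "big"): "ppc64",      (21, 64, "little"): "ppc64le",
    (243, 64, "little"): "riscv64", (22, 64, "big"): "s390x",
}

def triage_elf(data):
    """Return (arch, is_go, needs_review), or None if data is not a parseable ELF."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        return None
    bits = {1: 32, 2: 64}.get(data[4])            # EI_CLASS
    order = {1: "little", 2: "big"}.get(data[5])  # EI_DATA
    if bits is None or order is None:
        return None                               # corrupt identification bytes
    fmt = "<H" if order == "little" else ">H"
    (machine,) = struct.unpack_from(fmt, data, 18)  # e_machine follows e_type
    arch = ARCH_TABLE.get((machine, bits, order), "other")
    is_go = GO_BUILDINFO_MAGIC in data
    # Assumption: a Go-built ELF for a listed architecture on an IoT device is worth review.
    return arch, is_go, is_go and arch != "other"

def make_sample(ei_class, ei_data, machine, go=False):
    """Constructed sample: a minimal ELF header plus filler, not a real binary."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + bytes(9)
    fmt = "<HH" if ei_data == 1 else ">HH"
    body = GO_BUILDINFO_MAGIC + bytes(18) if go else b"plain firmware helper"
    return ident + struct.pack(fmt, 2, machine) + bytes(32) + body

if __name__ == "__main__":
    samples = {
        "router_tmp_file": make_sample(1, 1, 8, go=True),   # 32-bit LE MIPS, Go marker
        "camera_helper": make_sample(1, 1, 40),             # 32-bit LE ARM, no marker
        "startup_script": b"#!/bin/sh\necho constructed\n",  # not an ELF at all
    }
    for name, blob in samples.items():
        print(name, triage_elf(blob))
```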

Once communication with the command-and-control server is established over the WebSocket protocol, the operators can issue further instructions to the botnet. Furthermore, it could run arbitrary commands and launch attacks over multiple network protocols such as TLS, UDP, TCP, ICMP, and HTTP.

In the brief period since its last version, Zerobot operators have improved their malware by copying and upgrading file modules, string obfuscation, and propagation modules. Hence, it is more challenging for researchers to detect this botnet while it infects numerous IoT devices.

The researchers explained that the threat posed by this malware is very severe since remote actors could gain access to flawed systems, and its AntiKill module prevents victims from disrupting the program.

Lastly, experts believe that this new botnet written in Golang has been developed by its authors to target various flaws in IoT devices. It could also infect many devices without being spotted by most security solutions since it has unique capabilities and advanced stealth functions.

Users should always patch any systems that require updating and apply updates as soon as they are available to download.