New BotenaGo Botnet Uses 33 Notkun gegn IoT tækjum

Helga Smithnóvember 17, 2021Síðast uppfært: janúar 14, 2022
63 1 mínútu lestur

AT&T experts have discovered a new botnet BotenaGo. The malware uses more than thirty exploits to attack routers and other Internet of Things devices.

As the name implies, the botnet is written in the Golang (Go) language, which has become increasingly popular among malware developers in recent years. Only 6 out of 62 antivirus products on VirusTotal identify BotenaGo as malware (with some identifying it as a Mirai variation).

VirusTotal Report

The researchers say that BotenaGo uses 33 exploits for various routers, modems and NAS devices. Among them there are exploits for the following problems:

  1. CVE-2015-2051, CVE-2020-9377, CVE-2016-11021: D-Link beinar;
  2. CVE-2016-1555, CVE-2017-6077, CVE-2016-6277, CVE-2017-6334: Netgear tæki;
  3. CVE-2019-19824: Realtek SDK based routers;
  4. CVE-2017-18368, CVE-2020-9054: Zyxel routers and NAS;
  5. CVE-2020-10987: Tenda Products;
  6. CVE-2014-2321: ZTE Modems;
  7. CVE-2020-8958: 1GE ONU.

Due to so many exploits, malware is capable of attacking millions of devices. Til dæmis, experts write that, according to Shodan, the vulnerable open-source Boa web server alone, whose support has already been discontinued, is still used by more than two million devices.

Shodan Report

The AT&T report states that the malware uses different links to receive payloads, depending on the device being attacked. Því miður, during the study of the malware, there were no payloads on the server at all, so it was not possible to study them.

Auk þess, the researchers write that they have not yet found active communications between BotenaGo and the server controlled by the attackers. They give three possible explanations for this:

  1. BotenaGo is only a part (module) of a multi-stage modular attack, and it is not at all responsible for communicating with the C&C server.
  2. BotenaGo is a new tool used by Mirai operators on certain machines. This theory is supported by general references for payloads.
  3. Malware is not ready for work yet, and the sample accidentally got into the network.

Let me remind you that I also wrote that Bleikur botnet is infected over 1.5 milljón tæki, sem og það MyKings botnet steals cryptocurrency via clipboard.

Merki
Helga Smithnóvember 17, 2021Síðast uppfært: janúar 14, 2022
63 1 mínútu lestur

Helga Smith

Ég hafði alltaf áhuga á tölvunarfræði, sérstaklega gagnaöryggi og þemað, sem heitir nú á dögum "gagnafræði", síðan á unglingsárum mínum. Áður en þú kemur inn í teymið til að fjarlægja veirur sem aðalritstjóri, Ég starfaði sem sérfræðingur í netöryggi í nokkrum fyrirtækjum, þar á meðal einn af verktökum Amazon. Önnur upplifun: Ég hef kennt í Arden og Reading háskólunum.

Skildu eftir skilaboð

Þessi síða notar Akismet til að draga úr ruslpósti. Lærðu hvernig ummælagögnin þín eru unnin.

Aftur efst á hnappinn