New BotenaGo Botnet Uses 33 Exploits Against IoT Devices

AT&T experts have discovered a new botnet, BotenaGo. The malware uses more than thirty exploits to attack routers and other Internet of Things devices.

As the name implies, the botnet is written in the Golang (Go) language, which has become increasingly popular among malware developers in recent years. Only 6 out of 62 antivirus products on VirusTotal identify BotenaGo as malware (some of them flag it as a Mirai variant).

VirusTotal Report

The researchers say that BotenaGo uses 33 exploits for various routers, modems and NAS devices. Among them are exploits for the following vulnerabilities:

  1. CVE-2015-2051, CVE-2020-9377, CVE-2016-11021: D-Link routers;
  2. CVE-2016-1555, CVE-2017-6077, CVE-2016-6277, CVE-2017-6334: Netgear devices;
  3. CVE-2019-19824: Realtek SDK based routers;
  4. CVE-2017-18368, CVE-2020-9054: Zyxel routers and NAS;
  5. CVE-2020-10987: Tenda products;
  6. CVE-2014-2321: ZTE modems;
  7. CVE-2020-8958: 1GE ONU.

With so many exploits, the malware is capable of attacking millions of devices. For example, the experts write that, according to Shodan, the vulnerable open-source Boa web server alone, which is no longer maintained, is still used by more than two million devices.

Shodan Report

The AT&T report states that the malware fetches its payloads from different links, depending on the device being attacked. Unfortunately, during the analysis of the malware there were no payloads on the server at all, so they could not be studied.

In addition, the researchers write that they have not yet observed active communication between BotenaGo and the server controlled by the attackers. They give three possible explanations for this:

  1. BotenaGo is only a part (module) of a multi-stage modular attack and is not responsible for communicating with the C&C server at all.
  2. BotenaGo is a new tool used by Mirai operators on certain machines. This theory is supported by the shared references to payloads.
  3. The malware is not yet ready for operation, and the sample leaked onto the network by accident.

Let me remind you that I also wrote that the Pink botnet has infected over 1.5 million devices, and that the MyKings botnet steals cryptocurrency via the clipboard.

Helga Smith

I have been interested in computing, especially data security and the topic that is nowadays called "data science", since my early teenage years. Before joining the virus removal team as editor-in-chief, I worked as a cybersecurity expert at several companies, including one of Amazon's contractors. Another experience: I teach at the universities of Arden and Reading.
