Zerobot spreads by exploiting vulnerabilities in Apache servers

Share post:

According to Microsoft security researchers who have been monitoring Zerobot for months, operators are constantly adding new exploits and capabilities to Zerobot, a Go-based botnet that spreads primarily through IoT and web application vulnerabilities.

The Zerobot botnet has recently been updated to target vulnerable Apache web servers. Since November 2022, Zerobot developers have been deploying new versions of malware capable of attacking other types of devices such as firewalls, routers, and cameras.

The malware infects a wide range of devices, including firewalls, routers, and cameras, and adds infected devices to a distributed denial of service (DDoS) botnet. It can also exploit Apache and Apache Spark vulnerabilities (CVE-2021-42013 and CVE-2022-33891, respectively), as well as new DDoS attack capabilities.

The Microsoft Defender for IoT research team shared details about the latest version of the malware, Zerobot 1.1, including newly discovered capabilities, in a blog post. According to the report, Zerobot can spread via brute force attacks on vulnerable devices with insecure configurations that use default or weak credentials.

To spread to devices, it may attempt to gain device access by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323. In addition to brute force attacks on devices, Zerobot exploits dozens of vulnerabilities that malware operators update on a regular basis in order to gain access and inject malicious payloads.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways