Zerobot 1.1 exploits Apache vulnerabilities to spread

Zerobot operators are constantly adding new exploits; version 1.1 can now use Apache vulnerabilities to spread.


Ezgi Koc
December 22, 2022
  • Microsoft researchers have also found new evidence that Zerobot propagates by compromising devices with known vulnerabilities that are not included in the malware binary.
  • Zerobot uses a combination of desktop entry, daemon, and service methods to achieve persistence on Linux-based devices.
  • While Zerobot has new ways to exploit systems with new DDoS attack capabilities, there are ways to protect yourself from these attacks.

The threat posed by botnet malware operations to devices and networks is continually changing. Threat actors target Internet of Things (IoT) devices because their setups generally leave them vulnerable and because there are an increasing number of internet-connected gadgets. The Zerobot botnet, an example of an evolving threat, has been modified to capitalize on security flaws on unpatched Apache servers and spreads by utilizing the vulnerabilities in IoT devices.

Table of Contents

  • New exploits, new capabilities
  • Used in DDoS attacks
  • Persistence on Linux devices
    • Desktop entry
    • Daemon
    • Service

New exploits, new capabilities

Zerobot appears to be a continuously evolving threat: the malware’s operators are constantly introducing new exploits and functionalities. Since Microsoft began tracking it, Zerobot has received multiple updates, and it is offered as a component of a malware-as-a-service scheme. In December 2022, the FBI seized a number of domains linked to DDoS-for-hire services, including one with connections to Zerobot.

The most recent version of Zerobot offers new DDoS attack capabilities as well as other features including the ability to exploit Apache and Apache Spark vulnerabilities, CVE-2021-42013 and CVE-2022-33891, respectively.

The malware tries to access devices by utilizing a combination of eight popular aliases and 130 IoT device passwords using SSH and telnet on ports 23 and 2323. On default ports 22 and 23, multiple SSH and telnet connection attempts were discovered. Additionally, efforts to open ports and connect to them via port knocking on ports 80, 8080, 8888, and 2323 were discovered by Microsoft researchers.

Used in DDoS attacks

Once it has gained access to a system, it downloads a script named zero.sh that will download and execute Zerobot, gain persistence, and spread to additional online vulnerable devices. The botnet accumulates hacked devices, and they are used to perform DDoS attacks using a variety of protocols. They can also give the operators access to the networks.

Zerobot uses dozens of vulnerabilities that malware operators continuously add to it in order to obtain access to targets and insert malicious payloads. Numerous new exploits of vulnerabilities are present in Zerobot 1.1, including:

Vulnerability  | Affected software
CVE-2017-17105 | Zivif PR115-204-P-RS
CVE-2019-10655 | Grandstream
CVE-2020-25223 | WebAdmin of Sophos SG UTM
CVE-2021-42013 | Apache
CVE-2022-31137 | Roxy-WI
CVE-2022-33891 | Apache Spark
ZSL-2022-5717  | MiniDVBLinux

Persistence on Linux devices

To achieve persistence on Linux-based devices, Zerobot uses a combination of desktop entry, daemon, and service methods:

Desktop entry

Zerobot copies itself to $HOME/.config/ssh.service/sshf then writes a desktop entry file called sshf.desktop to the same directory.

Older Linux versions use $HOME/.config/autostart instead of $HOME/.config/ssh.service.

Daemon

Copies itself to /usr/bin/sshf and writes a configuration at /etc/init/sshf.conf.

Service

Copies itself to /etc/sshf and writes a service configuration at /lib/system/system/sshf.service, then enables the service to make sure it starts at boot with two commands:

systemctl enable sshf
service enable sshf

All persistence mechanisms on older Linux versions use my.bin and my.bin.desktop instead of sshf and sshf.desktop.
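
The paths listed in this section can be checked directly during triage. The script below is an added example, not code from Microsoft's report or from Cloud7; the function name, the FOUND output format, and the assumption that home directories live under /home/* and /root are illustrative choices.

```shell
#!/bin/sh
# Added example: look for the Zerobot persistence artifacts named in this
# article under a filesystem root. Usage: sh zerobot_scan.sh /
# or pass the mount point of a disk image to scan it offline.

# Prints one "FOUND <path>" line per artifact; returns 0 if none, 1 if any.
zerobot_persistence_scan() {
    root="${1:-}"
    root="${root%/}"       # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    found=0

    # Daemon and service methods: system-wide paths given in the article.
    # my.bin is the binary name the article gives for older Linux versions;
    # the article does not spell out the older config file names, so only
    # the sshf config paths are checked here.
    for p in /usr/bin/sshf /usr/bin/my.bin /etc/sshf /etc/my.bin \
             /etc/init/sshf.conf /lib/system/system/sshf.service; do
        if [ -e "$root$p" ]; then
            echo "FOUND $p"
            found=1
        fi
    done

    # Desktop entry method: per-user paths.
    # Assumption: home directories are /home/* and /root.
    for home in "$root"/home/* "$root/root"; do
        [ -d "$home" ] || continue
        for dir in .config/ssh.service .config/autostart; do
            for f in sshf sshf.desktop my.bin my.bin.desktop; do
                if [ -e "$home/$dir/$f" ]; then
                    echo "FOUND ${home#"$root"}/$dir/$f"
                    found=1
                fi
            done
        done
    done
    return "$found"
}

# Run only when a root path is supplied on the command line.
if [ "$#" -gt 0 ]; then
    zerobot_persistence_scan "$1"
fi
```

A hit on any of these names is a lead for further investigation rather than proof of infection; confirm by inspecting the file contents and the referenced service or desktop entry.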


Ezgi Koc

Ezgi Koc is an editor at Cloud7 News. She graduated from Ege University with a bachelor's degree in English Language and Literature. She had a great interest in technology, both hardware and software, since her childhood and decided to pursue a career that would enable her to broaden her horizons in this field. She is very passionate about video games as a Twitch affiliate and streams games in her free time.