MooBot, a Mirai botnet variant, is transforming vulnerable D-Link devices into an army of denial-of-service bots by exploiting multiple vulnerabilities.
Palo Alto Networks Unit 42 said in a Tuesday report, “If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service (DDoS) attacks.”
MooBot, which was first revealed in September 2019 by Qihoo 360’s Netlab team, has previously aimed at LILIN digital video recorders and Hikvision video surveillance products to broaden its network. As many as four different flaws in D-Link devices, both old and new, have paved the way for the deployment of MooBot samples in the most recent wave of attacks discovered by Unit 42 in early August 2022. These are some examples:
- CVE-2015-2051 (CVSS score: 10.0) – D-Link HNAP SOAPAction Header Command Execution Vulnerability
- CVE-2018-6530 (CVSS score: 9.8) – D-Link SOAP Interface Remote Code Execution Vulnerability
- CVE-2022-26258 (CVSS score: 9.8) – D-Link Remote Command Execution Vulnerability, and
- CVE-2022-28958 (CVSS score: 9.8) – D-Link Remote Command Execution Vulnerability
Exploiting the aforementioned flaws successfully could result in remote code execution and the retrieval of a MooBot payload from a remote host, which then decodes instructions from a command-and-control (C
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: