Monday, February 22, 02:47
Home security Moobot Botnet: Infects fiber routers with zero-day vulnerability

Moobot Botnet: Infects fiber routers with zero-day vulnerability

Her researchers Qihoo 360 have discovered that Moobot Botnet has successfully spread to fiber routers with zero-day vulnerability, for remote code execution. Overall, they are affected by the same vulnerability nine suppliers.

Recent zero-day vulnerabilities in IoT devices
Researchers have noticed that in the last 30 days or so, several zero-day vulnerabilities in IoT devices have exploded. botnets. Zero-day vulnerability in the LILIN DVR became exploit for the spread of Chalubo, FBot and Moobot botnets. On February 13, 2020, the supplier corrected the vulnerability and released the latest software program 2.0b60_20200207. DrayTek routers as well as various devices are affected by zero-day vulnerabilities. On February 10, 2020, the router manufacturer issued a newsletter security, which contained corrections for these vulnerabilities and released the latest 1.5.1 hardware program.

Distribution of Moobot Botnet to fiber routers

On February 28, 2020, researchers observed that the Moobot botnet successfully exploited vulnerabilities to spread to fiber routers including the Netlink GPON. router. The researchers informed CNCERT about the zero-day vulnerabilities that affect many fiber routers. Moobot is a new type of botnet based on Mirai. Apart from Monet Botnet, other botnets such as Fbot botnet and Gafgyt botnets have failed to spread to fiber routers as it takes two steps to exploit a zero-day vulnerability. The first step involves another vulnerability and the second involves its use PoC available on Exploit db. Researchers have not publicly disclosed the first part of the vulnerability.

Patience in Exploitdb PoC

Type: remote command execution  

Details: The function of the Ping () command in the Web / bin / boa server program, when processing the post request from / boaform / admin / forming, does not check the target_addr parameters before calling the ping commands of the system, thus making command injection possible. .

Finally, they are recommended for device users and production best practices so that they can directly control and update its firmware device as well as check if there are defaults accounts to be turned off.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...