Researchers at Qihoo 360 have discovered that the Moobot botnet has been successfully deployed on fiber routers through a zero-day vulnerability that allows remote code execution. In total, nine suppliers are affected by the same vulnerability.
Recent zero-day vulnerabilities in IoT devices
Researchers have noticed that in the last 30 days or so, several zero-day vulnerabilities in IoT devices have been exploited by botnets. A zero-day vulnerability in the LILIN DVR was exploited to spread the Chalubo, FBot, and Moobot botnets. On February 13, 2020, the supplier corrected the vulnerability and released the latest software, version 2.0b60_20200207. DrayTek routers, as well as various other devices, are also affected by zero-day vulnerabilities. On February 10, 2020, the router maker issued a security bulletin containing corrections for these vulnerabilities and released the latest firmware, version 1.5.1.
Distribution of Moobot Botnet to fiber routers
On February 28, 2020, researchers noticed that the Moobot botnet successfully exploited vulnerabilities to spread to fiber routers, including the Netlink GPON router. Researchers have informed CNCERT about the zero-day vulnerabilities that affect many fiber routers. Moobot is a new type of botnet based on Mirai. Apart from Moobot, other botnets such as Fbot and Gafgyt have failed to spread to fiber routers, because taking advantage of the zero-day vulnerability requires two steps. The first step involves another vulnerability and the second involves the use of the PoC available on Exploit-DB. Researchers have not publicly disclosed the first part of the vulnerability.
Vulnerability in the Exploit-DB PoC
Type: remote command execution
Details: The Ping() function in the Web/bin/boa server program, when processing the POST request from /boaform/admin/forming, does not check the target_addr parameter before calling the system's ping command, thus making command injection possible.
Finally, users of IoT devices are advised to follow best practices so that they can directly control and update their devices, and to check whether there are default accounts that need to be turned off.