Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices

Published: 23/11/2024   Category: security




The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.



A new botnet is attacking organizations through various vulnerabilities in Internet of Things (IoT) devices from D-Link, Huawei, RealTek, TOTOLink, Zyxel, and more, posing a critical threat that allows attackers to take over vulnerable systems, researchers have found.
The botnet, dubbed Zerobot (not to be confused with ZeroBot.ai, a legitimate chatbot), is written in the Go programming language and includes modules for self-replication and self-propagation as well as attacks over different protocols, a Fortinet researcher wrote in a blog post published Dec. 6.
Zerobot targets several vulnerabilities to gain access to a device and then downloads a script for further propagation, Fortinet Labs senior antivirus analyst Cara Lin wrote in the post.
So far, researchers have seen two versions of the botnet, one that they began tracking on Nov. 18 and a more sophisticated version that appeared soon after, on Nov. 24, that added a string of new capabilities.
The first version of Zerobot was quite basic, but attackers quickly updated it to include a selfRepo module that allows it to reproduce itself and infect more endpoints with different protocols or vulnerabilities, researchers said. The latest version — on which their analysis is based — also includes string obfuscation and a copy file module.
Zerobot initiates an attack by first checking its connection to 1.1.1.1, the DNS resolver server from Cloudflare. It then copies itself onto the targeted device based on the victim's OS type, with different tactics depending on the platform, researchers said.
For Windows, Zerobot copies itself to the Startup folder with the filename FireWall.exe. If the targeted platform is Linux, it uses one of three file paths: HOME%, /etc/init/, and /lib/systemd/system/.
Once it is copied onto the targeted device, Zerobot then sets up an AntiKill module to prevent users from disrupting its program once it's started. This module monitors a particular hex value and uses signal.Notify to intercept any signal sent to terminate or kill the process, Lin wrote.
After initialization, Zerobot starts a connection to its command-and-control (C2) server, ws[:]//176[.]65[.]137[.]5/handle, using the WebSocket protocol.
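As an added triage example (not code from Fortinet's post or this article), the connectivity check and C2 callback described above can be correlated per source host over Zeek-style conn.log records, and the Windows Startup artifact checked by path. The indicator values are the article's; the log records, file paths and the Zeek column subset are constructed assumptions for illustration.

```python
"""Triage helper for the Zerobot behaviour described in the article.
Indicators (C2 host, 1.1.1.1 check, FireWall.exe in Startup) come from the
article; the conn.log rows and paths below are constructed samples."""
import csv
from collections import defaultdict

C2_IP = "176.65.137.5"             # ws://176[.]65[.]137[.]5/handle, matched on host only
PROBE_IP = "1.1.1.1"               # Cloudflare resolver the bot contacts first
WINDOWS_ARTIFACT = "firewall.exe"  # copied into the Startup folder on Windows

# Assumed Zeek conn.log column subset for the constructed sample below.
FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]

SAMPLE_CONN_LOG = (  # constructed sample, not real telemetry
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1670300000.1\tC1\t10.0.0.7\t51000\t1.1.1.1\t53\tudp\n"
    "1670300001.2\tC2\t10.0.0.7\t51001\t176.65.137.5\t80\ttcp\n"
    "1670300002.3\tC3\t10.0.0.9\t51002\t1.1.1.1\t53\tudp\n"
    "1670300003.4\tC4\t10.0.0.9\t51003\t203.0.113.10\t443\ttcp\n"
)

def parse_conn_log(text):
    """Parse tab-separated conn.log rows, skipping '#' header/meta lines."""
    rows = (l for l in text.splitlines() if l and not l.startswith("#"))
    return [dict(zip(FIELDS, r)) for r in csv.reader(rows, delimiter="\t")]

def triage_hosts(records):
    """Map each source host to a verdict: 'c2' when it reached the Zerobot C2,
    'c2+probe' when the same host also contacted 1.1.1.1. The probe alone is
    ordinary resolver traffic, so a host with only that is 'benign'."""
    seen = defaultdict(set)
    for r in records:
        if r["id.resp_h"] == PROBE_IP:
            seen[r["id.orig_h"]].add("probe")
        elif r["id.resp_h"] == C2_IP:
            seen[r["id.orig_h"]].add("c2")
    return {h: ("c2+probe" if {"c2", "probe"} <= s else "c2" if "c2" in s else "benign")
            for h, s in seen.items()}

def is_windows_artifact(path):
    """True when the path is FireWall.exe inside a per-user or all-users Startup folder."""
    p = path.replace("\\", "/").lower()
    return p.endswith("/startup/" + WINDOWS_ARTIFACT)

if __name__ == "__main__":
    print(triage_hosts(parse_conn_log(SAMPLE_CONN_LOG)))
    print(is_windows_artifact(r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\FireWall.exe"))
```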
Once it sets up a communication channel, the client waits for a command from the server to unleash any of 21 exploits for various vulnerabilities found in IoT products, as well as some others — including the Java framework vulnerability Spring4Shell, phpAdmin, and F5 Big — to increase its success rate, Lin wrote.
Fortinet included a list of the numerous vulnerabilities that Zerobot exploits, which are found in assorted devices including routers, webcams, network-attached storage, firewalls, and other products from a host of well-known manufacturers.
Lin advised any organization using these devices to update to the latest versions or apply any available patches immediately. Indeed, with businesses losing up to $250 million a year on unwanted botnet attacks, according to a report published last year from Netacea, organizations would be wise to evaluate their environments to discover any device that might be vulnerable to Zerobot, she noted.
Users should be aware of this new threat, patch any affected systems … running on their network, and actively apply patches as they become available, Lin wrote.
