    New self-propagating Zerobot botnet discovered


    A new botnet has been discovered by Fortinet experts. According to them, the underlying malware is written in Go and uses more than two dozen vulnerabilities in network and IoT devices to spread itself. Experts called this malware Zerobot.

    Attackers have been actively spreading the malware since the middle of last year, mostly infecting Linux devices. The infection process looks like this:

    • The attacker injects Zerobot into the victim's device using one or more vulnerabilities.
    • Once in the system, the malware receives a special script from the C&C server that takes into account the victim's CPU architecture. Zerobot currently supports i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64 and s390x.
    • The downloaded script is responsible for the further distribution of Zerobot.

    So far, experts have found only two versions of Zerobot. The first was used until November 24 and had only a set of basic functions. The latest version introduced a self-propagating module called selfRepo, which infects other devices through attacks using various protocols or vulnerabilities.

    It is worth noting that the botnet uses four vulnerabilities that have not been assigned an identifier. Two of them are aimed at GPON terminals and D-Link routers. Details on the other two are not yet available.

    After gaining a foothold in the system, Zerobot connects to the C&C server using the WebSocket protocol, sends some information about the victim and then waits for one of the following commands in response:

    • ping - maintains the connection;
    • attack - launches an attack using the TCP, UDP, TLS, HTTP or ICMP protocols;
    • stop - stops the attack;
    • update - installs the update and restarts Zerobot;
    • enable_scan - starts searching for open ports to spread the malware further through an exploit or by hacking SSH/Telnet;
    • disable_scan - stops the scan started by enable_scan;
    • command - runs an OS command;
    • kill - “kills” the malware. Its process can only be terminated this way because Zerobot uses the Antikill module.
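
    Because the C&C channel described above uses the WebSocket protocol, one defensive check is to flag WebSocket handshakes that leave a network/IoT device segment. The sketch below is an added example, not part of the original article or the Fortinet report; the device subnet, the sensor record format and the sample requests are constructed assumptions.

```python
import ipaddress

# Assumption: the network/IoT device segment (constructed range, not from the report).
DEVICE_NET = ipaddress.ip_network("10.20.0.0/16")
# Constructed sensor records: (source IP, destination IP, raw HTTP request head).
SAMPLE_REQUESTS = [
    ("10.20.1.15", "203.0.113.7",          # device -> external, WebSocket handshake
     "GET /ws HTTP/1.1\r\nHost: 203.0.113.7\r\nUpgrade: websocket\r\n"
     "Connection: keep-alive, Upgrade\r\nSec-WebSocket-Key: dGVzdGtleTAwMDAwMDAwMQ==\r\n\r\n"),
    ("10.20.1.16", "203.0.113.9",          # device -> external, plain HTTP
     "GET /firmware/check HTTP/1.1\r\nHost: updates.example\r\n\r\n"),
    ("192.168.5.20", "198.51.100.4",       # workstation -> external, WebSocket
     "GET /chat HTTP/1.1\r\nHost: chat.example\r\nUpgrade: websocket\r\n"
     "Connection: Upgrade\r\nSec-WebSocket-Key: dGVzdGtleTAwMDAwMDAwMg==\r\n\r\n"),
    ("10.20.3.2", "10.20.0.1",             # device -> device, mixed-case headers
     "GET /events HTTP/1.1\r\nHost: nvr.local\r\nupgrade: WebSocket\r\n"
     "connection: upgrade\r\nsec-websocket-key: dGVzdGtleTAwMDAwMDAwMw==\r\n\r\n"),
]

def parse_headers(raw):
    """Return (request line, {lowercased header name: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def is_websocket_upgrade(raw):
    """RFC 6455 client handshake: GET, Upgrade: websocket, Connection: Upgrade, a key."""
    request_line, h = parse_headers(raw)
    tokens = [t.strip().lower() for t in h.get("connection", "").split(",")]
    return (request_line.startswith("GET ")
            and h.get("upgrade", "").lower() == "websocket"
            and "upgrade" in tokens and "sec-websocket-key" in h)

def in_device_segment(ip):
    return ipaddress.ip_address(ip) in DEVICE_NET

def suspicious_websockets(requests):
    """Device-segment sources opening a WebSocket to a host outside the segment."""
    return [(src, dst) for src, dst, raw in requests
            if in_device_segment(src) and not in_device_segment(dst)
            and is_websocket_upgrade(raw)]

if __name__ == "__main__":
    for src, dst in suspicious_websockets(SAMPLE_REQUESTS):
        print(f"ALERT: device {src} opened a WebSocket to {dst}")
```

    The check only sees handshakes the sensor can read in cleartext, and a hit is a lead for triage rather than proof of infection, since legitimate device software may also use WebSocket.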

    Experts believe that Zerobot will primarily be used to carry out DDoS attacks. In the future, there is a chance that attackers will use it to try to gain initial access to systems.

    Author DeepWeb