Zerobot: The Go-Powered Malware Exploiting Multiple Vulnerabilities

A novel Go-based botnet called Zerobot has been discovered in the wild, exploiting security vulnerabilities in internet of things (IoT) devices and other software. It takes advantage of nearly two dozen vulnerabilities to proliferate, targeting a wide range of devices.

According to Fortinet FortiGuard Labs researcher Cara Lin, the botnet contains several modules for self-replication, attacking different protocols, and self-propagation. It also uses the WebSocket protocol to communicate with its command-and-control server. These features let the malware spread quickly and carry out a wide range of malicious activity.

The campaign began on November 18, 2022, and targeted Linux operating systems to take control of vulnerable devices.

Zerobot is named after a propagation script that, once it gains access to a host, retrieves the malicious payload matching the host's CPU architecture (e.g., “zero.arm64”).

The Zerobot malware targets a wide range of CPU architectures, including i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64, and s390x. Any host with any of these architectures gets infected.
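A defensive check built on the naming pattern and architecture list above, as an added example that is not code from Fortinet's report or from this article: it flags proxy-log lines that fetch a file named “zero.<arch>” and groups them by source host. The log format, the “src=” field and the assumption that every payload follows the “zero.arm64” pattern are illustrative.

```python
import re
from collections import defaultdict

# Architectures listed in the article.
ARCHES = ["i386", "amd64", "arm", "arm64", "mips", "mips64", "mips64le",
          "mipsle", "ppc64", "ppc64le", "riscv64", "s390x"]

# Assumption: every payload follows the "zero.<arch>" pattern of the single
# example the article gives ("zero.arm64"). The lookarounds reject lookalikes
# such as "subzero.arm" or "zero.armv7".
PAYLOAD_RE = re.compile(
    r"(?<![\w.-])zero\.("
    + "|".join(sorted(ARCHES, key=len, reverse=True))
    + r")(?![\w-])"
)
SRC_RE = re.compile(r"\bsrc=(\S+)")  # hypothetical source-host field


def find_payload_fetches(lines):
    """Map each source host to the sorted zero.<arch> names in its log lines."""
    hits = defaultdict(set)
    for line in lines:
        names = {m.group(0) for m in PAYLOAD_RE.finditer(line)}
        if names:
            src = SRC_RE.search(line)
            hits[src.group(1) if src else "unknown"].update(names)
    return {host: sorted(names) for host, names in hits.items()}


# Constructed sample proxy log lines (not from the article or a real incident).
SAMPLE_LOG = [
    "2022-11-25T03:14:07Z src=10.0.4.17 GET http://198.51.100.23/zero.mips 200",
    "2022-11-25T03:14:09Z src=10.0.4.17 GET http://198.51.100.23/zero.mips64le 200",
    "2022-11-25T03:15:30Z src=10.0.9.2 GET http://203.0.113.8/bins/zero.arm64 200",
    "2022-11-25T03:16:02Z src=10.0.3.5 GET http://example.com/subzero.arm 200",
    "2022-11-25T03:16:40Z src=10.0.3.5 GET http://example.com/zero.armv7 404",
    "2022-11-25T03:17:11Z src=10.0.3.5 GET http://example.com/docs/zero.html 200",
]

if __name__ == "__main__":
    for host, names in find_payload_fetches(SAMPLE_LOG).items():
        print(host, names)
```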

To date, two versions of Zerobot have been spotted. The first version has basic functions and was used before November 24, 2022. The second version, an updated variant with a “selfRepo” module, is more advanced and dangerous: it includes a self-propagating module that allows it to breach devices using 21 exploits.

List of 21 exploits in Zerobot

The two exploits named “ZERO_xxxxx” at the top of Figure 12 were collected from the website “0day.today” (Figure 14). This site shares numerous exploits for “educational” purposes. The numbers “36290” and “32960” were assigned from this website.

The 21 exploits include security vulnerabilities affecting TOTOLINK routers, Zyxel firewalls, F5 BIG-IP, Hikvision cameras, FLIR AX8 thermal cameras, D-Link DNS-320 network attached storage devices, and Spring Framework, among others.

“Within a very short time, it was updated with string obfuscation, a copy file module, and a propagation exploit module that make[s] it harder to detect and gives it a higher capability to infect more devices,” Lin said.


Zerobot, after being installed on a compromised device, connects to a remote command-and-control (C2) server and awaits further instructions. This allows it to run arbitrary commands and launch attacks on various network protocols like TCP, UDP, TLS, HTTP, and ICMP.

Users should be aware of this threat, patch any affected systems on their network, and apply further patches as they become available.
