Qihoo 360 Netlab Spezialisten die Roboto studierte Botnet, die in diesem Sommer entstanden. Botnet Roboto greift Webmin Verwundbarkeit auf Linux-Servern.
ichn August 2019, Informationssicherheitsexperten berichteten, dass ein Backdoor in Webmin entdeckt wurde, eine beliebte System-Administration-Lösung für Unix-Systeme (wie Linux, FreeBSD, oder OpenBSD).die Verwundbarkeit CVE-2019-15107 allowed an attacker to execute arbitrary code on the target system with superuser rights.
“Since exploiting the vulnerability was not difficult, just a few days after the disclosure of the bug information, vulnerable versions of Webmin were attacked”, – schreiben experts from Qihoo 360 Netlab.
It should be noted that according to official developers, Webmin has Mehr als 1,000,000 Installationen. Shodan discovers that more than 230,000 of them are accessible via the Internet, and according to BinaryEdge, Mehr als 470,000 installations are vulnerable and accessible via the Internet. Na sicher, such a “tidbit” had to be noticed by hackers.
“The Roboto botnet was one of the first to exploit the vulnerability in Webmin. Introduced in August 2019, Roboto lately has been mainly involved in development, with evolution of not only a size of the botnet, but also of the complexity of its code”, – write researchers from Qihoo 360 Netlab.
Although the main purpose of the botnet is definitely to conduct DDoS attacks, experts have not yet noticed Roboto doing it. Researchers believe that while botnet operators are mostly busy increasing size of the botnet, they have not yet reached the actual attacks.
lesen Sie auch: Der berühmte infostealer „Agent Tesla“ hat eine ungewöhnliche Tropfer
Laut Analysten, the botnet is able to arrange DDoS using ICMP, HTTP, TCP and UDP. In Ergänzung, Roboto, installed on hacked Linux machines, Können:
- work as a reverse shell, which will allow an attacker to run shell commands on an infected host;
- collect information about the system, processes and network of the infected server;
- upload collected data to a remote server;
- run system () Befehle;
- execute a file downloaded from a remote URL;
- delete itself.
Another interesting feature of Roboto is the structure of its internal design. Bots here are organized in a P2P network and transmit commands that they receive from the management server to each other. Deshalb, not every bot individually communicates with the management server. The fact is that P2P communications are not so common in DDoS botnets (you can recall Hajime und Hide’N’Seek botnets as examples).
Als Ergebnis, most Roboto bots are simple “zombies” engaged in sending commands, while others work to support a P2P network or scan for other vulnerable Webmin installations to increase the size of the botnet.
