Casa » Noticias » Echobot el malware ataca a dispositivos IO, las aplicaciones de Oracle, VMware y explota vulnerabilidades de edad

Echobot el malware ataca a dispositivos IO, las aplicaciones de Oracle, VMware y explota vulnerabilidades de edad

Echobot IO malware es otra variante del conocido software malicioso Mirai, detectado por los especialistas en seguridad de Palo Alto Networks, a principios de junio 2019.

Last week, Akamai expertos presentaron un informe más detallado sobre la nueva amenaza, a partir del cual se hace evidente que Echobot estaba siguiendo una tendencia general: los autores de malware no cambiaron la base, pero añaden nuevos, additional modules to the Mirai sources.

“When Mirai was first released, it was found in IoT devices. Then variants of Mirai began targeting vulnerabilities in those devices”, — said specialist Akamai Larry Cashdollar.

Cuando Palo Alto Networks researchers first noticed Malware, Echobot used exploits for 18 vulnerabilidades. sin embargo, in the Akamai report, just a week later, Echobot already used 26 different exploits, both old and new, y, aparentemente, this is not the limit. The current version of Malvari attacks NAS, enrutadores, NVR, IP cameras, IP phones and so on.

Akamai experts note that the most remarkable feature of Echobot is that its authors do not focus on vulnerabilities in Internet of things devices (enrutadores, cameras, video recorders, etcétera), but also use bugs in Oracle WebLogic y VMware SD-WAN to infect targets and malware distribution.

leer también: nuevo tipo de Mirai utiliza para los ataques utiliza de forma simultánea 13 exploits

From the outside, it seems that creators of malware choose exploits absolutely randomly, but this impression is deceptive. Asi que, often botnet operators start with a random selection of exploits, but soon they leave only those that allow attracting as many bots as possible, and deny others.

Exploits are “processed” in a matter of days, and are eliminated if they do not demonstrate effectiveness. Como resultado, the current arsenal of Echobot exploits can be considered a list of the mostusefulvulnerabilities to date. This list of exploits gives a good idea of which devices are currently the most frequently attacked.

Botnet developers are always looking for ways to spread malware. They are not just relying on exploiting new vulnerabilities that target IoT devices, but vulnerabilities in enterprise systems as well. Some of the new exploits they’ve added are older and have remained unpatched by the vendor. It seems the updates to Echobot are targeting systems that have possibly remained in service, but whose vulnerabilities were forgotten. This is an interesting tactic as these systems if found have remained vulnerable for years and will probably remain vulnerable for many more”, – Akamai experts conclude the review of the Echobot botnet.

Fuente: https://blogs.akamai.com

Acerca de Trojan Killer

Trojan Killer llevar portátil en su dispositivo de memoria. Asegúrese de que usted es capaz de ayudar a su PC resistir cualquier amenaza cibernética donde quiera que vaya.

también puedes ver

Predator troyano ladrón

Troya Predator Los ataques Thief amantes de dinero fácil y cazadores criptomoneda

Un investigador es independiente descubrió una campaña fraudulenta en YouTube, which spreads the spyware Trojan

ZoneAlarm cortó con la vulnerabilidad vBulletin

Los foros de ZoneAlarm hackeado debido a la vulnerabilidad vBulletin

Los foros de ZoneAlarm, que es propiedad de Check Point y cuyos productos se utilizan …

Deja una respuesta