Roboto botnet attacks a Webmin vulnerability on Linux servers

Qihoo 360 Netlab experts have studied the Roboto botnet, which appeared this summer. The Roboto botnet attacks a Webmin vulnerability on Linux servers.

In August 2019, information security experts reported that a backdoor had been found in Webmin, a popular system administration solution for Unix-like systems (such as Linux, FreeBSD, or OpenBSD).

The vulnerability, CVE-2019-15107, allowed an attacker to execute arbitrary code on the target system with superuser rights.

“Since exploiting the vulnerability was not difficult, just a few days after the disclosure of the bug information, vulnerable versions of Webmin were attacked”, write experts from Qihoo 360 Netlab.

It should be noted that, according to the official developers, Webmin has more than 1,000,000 installations. Shodan finds that more than 230,000 of them are accessible via the Internet, and according to BinaryEdge, more than 470,000 installations are vulnerable and accessible via the Internet. Naturally, such a “tidbit” had to be noticed by hackers.
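One defender-side check that follows from the above, as an added example that is not part of the original article or of the Netlab research: CVE-2019-15107 is a command injection in Webmin's password_change.cgi (fixed in Webmin 1.930), so unauthenticated POSTs to that script in miniserv.log are worth flagging. The script assumes miniserv.log uses the Common Log Format; the log lines and addresses below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the Common Log Format that Webmin's miniserv.log
# uses (assumption: the format and the addresses are illustrative, not real data).
SAMPLE_LOG = """\
203.0.113.7 - - [05/Nov/2019:10:12:01 +0000] "GET /session_login.cgi HTTP/1.1" 200 2311
198.51.100.23 - - [05/Nov/2019:10:13:44 +0000] "POST /password_change.cgi HTTP/1.1" 200 417
198.51.100.23 - - [05/Nov/2019:10:13:45 +0000] "POST /password_change.cgi HTTP/1.1" 200 417
203.0.113.7 - admin [05/Nov/2019:10:20:10 +0000] "GET /proc/index.cgi HTTP/1.1" 200 9821
192.0.2.55 - - [05/Nov/2019:11:02:03 +0000] "POST /password_change.cgi HTTP/1.0" 200 417
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Script affected by CVE-2019-15107; a legitimate password change is rare and
# comes from a known operator, so unauthenticated POSTs from elsewhere stand out.
SUSPICIOUS_PATH = "/password_change.cgi"


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line)
    return m.groupdict() if m else None


def find_password_change_attempts(log_text, trusted_ips=frozenset()):
    """Return {ip: count} of unauthenticated POSTs to password_change.cgi
    from addresses that are not in trusted_ips."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if (rec["method"] == "POST" and path == SUSPICIOUS_PATH
                and rec["user"] == "-" and rec["ip"] not in trusted_ips):
            hits[rec["ip"]] += 1
    return dict(hits)


if __name__ == "__main__":
    for ip, n in sorted(find_password_change_attempts(SAMPLE_LOG).items()):
        print(f"{ip}: {n} unauthenticated POST(s) to {SUSPICIOUS_PATH}")
```

Hits from unknown addresses are a prompt to confirm the installed Webmin version is 1.930 or later and to restrict who can reach port 10000 at all.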

“The Roboto botnet was one of the first to exploit the vulnerability in Webmin. Introduced in August 2019, Roboto lately has been mainly involved in development, with evolution not only of the size of the botnet, but also of the complexity of its code”, write researchers from Qihoo 360 Netlab.

Although the main purpose of the botnet is clearly to conduct DDoS attacks, experts have not yet observed Roboto doing so. Researchers believe that the botnet operators are for now busy increasing the size of the botnet and have not yet moved on to actual attacks.


According to the analysis, the botnet is able to conduct DDoS attacks using ICMP, HTTP, TCP and UDP. In addition, Roboto, once installed on a hacked Linux machine, can:

  • work as a reverse shell, which will allow an attacker to run shell commands on an infected host;
  • collect information about the system, processes and network of the infected server;
  • upload collected data to a remote server;
  • run system() commands;
  • execute a file downloaded from a remote URL;
  • delete itself.

Another interesting feature of Roboto is its internal design. Bots are organized in a P2P network and relay the commands they receive from the management server to each other, so not every bot communicates with the management server individually. P2P communication is not so common in DDoS botnets (the Hajime and Hide ’N’ Seek botnets are examples).

As a result, most Roboto bots are simple “zombies” engaged in sending commands, while others work to support the P2P network or scan for other vulnerable Webmin installations to increase the size of the botnet.
