Echobot malware attacks IoT devices, Oracle applications and VMware, and exploits old vulnerabilities

The Echobot IoT malware is another variant of the well-known Mirai malware, detected by security specialists from Palo Alto Networks in early June 2019.

Last week, Akamai experts presented a more detailed report on the new threat, which makes clear that Echobot follows a general trend: the malware's authors did not change the base code but added new modules to the Mirai source.

“When Mirai was first released, it was found in IoT devices. Then variants of Mirai began targeting vulnerabilities in those devices,” said Akamai specialist Larry Cashdollar.

When Palo Alto Networks researchers first noticed the malware, Echobot used exploits for 18 vulnerabilities. However, in the Akamai report, just a week later, Echobot already used 26 different exploits, both old and new, and, apparently, this is not the limit. The current version of the malware attacks NAS devices, routers, NVRs, IP cameras, IP phones and so on.

Akamai experts note that the most remarkable feature of Echobot is that its authors do not focus only on vulnerabilities in Internet of Things devices (routers, cameras, video recorders, etc.), but also use bugs in Oracle WebLogic and VMware SD-WAN to infect targets and distribute the malware.

From the outside, it seems that the malware's creators choose exploits at random, but this impression is deceptive. Botnet operators often start with a random selection of exploits, but soon keep only those that recruit as many bots as possible and discard the others.

Exploits are “processed” in a matter of days, and are eliminated if they do not demonstrate effectiveness. As a result, the current arsenal of Echobot exploits can be considered a list of the most “useful” vulnerabilities to date. This list of exploits gives a good idea of which devices are currently the most frequently attacked.

“Botnet developers are always looking for ways to spread malware. They are not just relying on exploiting new vulnerabilities that target IoT devices, but vulnerabilities in enterprise systems as well. Some of the new exploits they’ve added are older and have remained unpatched by the vendor. It seems the updates to Echobot are targeting systems that have possibly remained in service, but whose vulnerabilities were forgotten. This is an interesting tactic as these systems if found have remained vulnerable for years and will probably remain vulnerable for many more,” Akamai experts conclude in their review of the Echobot botnet.

Source: https://blogs.akamai.com

Polina Lisovskaya
