Microsoft has identified a prolific botnet called Zerobot that is spread through IoT and web application vulnerabilities. The botnet has reportedly added new capabilities and exploits to its skillset, Microsoft states. Zerobot is sold on underground cybercrime forums as a malware-as-a-service model, meaning that its authors can update its functionality regularly. The botnet is comprised of connected devices that have been compromised, Microsoft says, including firewall devices, routers, and cameras.
Microsoft warned that it had recently observed the botnet exploiting vulnerabilities in Apache and Apache Spark to compromise devices, in addition to brute force attacks. The botnet injects a malicious payload after gaining device access that attempts to download different binaries that identify the architecture by brute force until it succeeds. To achieve persistence, the botnet uses a combination of methods including desktop entry and daemon for Linux devices and copy methods on Windows devices.
Read More: Zerobot Botnet Devs Add New Functionality