23 C
Jaipur
Sunday, October 25, 2020

New Mozi P2P Botnet Attacks Netgear, GPON, D-Link and Huawei Routers

Must read

Python range() Function – Linux Hint

Python is a modern, general-purpose, and high-level programming language that comes with powerful features. Python has many built-in modules to support diverse operations. The...

2020 World Series live stream: how to watch Dodgers vs Rays game 4 from anywhere

Over the next few days,  the year's shortened MLB season will come to an end and baseball will crown a new champion - but...

Michigan vs Minnesota live stream: how to watch Big Ten college football tonight

Big Ten college football is back, and the Michigan Wolverines vs Minnesota Golden Gophers game - one of the oldest rivalries in American college...

How to watch Khabib vs Gaethje: live stream UFC 254 right now

It's Fight Island's final bout of the year, and what a clash to be ringing that final bell to. UFC 254 plays host to...

A new Distributed Hash Table (DHT) protocol based botnet dubbed Mozi attacks routers with weak passwords and known exploits. The botnet appears to be active at least from September 03, 2019.

DHT is a decentralized distributed that provides lookup service similar to key pair stored in DHT and retrieves a value based on the associated key. The protocol is mainly used in torrent clients and other peer-to-peer file-sharing platforms.

Mozi Botnet uses DHT protocol to quickly establish a network and to hide the payload with a vast amount of regular DHT traffic.

Mozi Botnet
Mozi Botnet Traffic

Mozi Botnet

Security researchers at 360 Netlab discovered a suspicious file that reuses part of the Gafgyt malware code, further analysis reveals that “P2P botnet implemented based on the DHT protocol, researchers called it as Mozi based on its propagation sample.”

The botnet relies on the custom P2P network, uses ECDSA384 and the xor algorithm to ensure integrity and security. The botnet can perform the following functions

  • DDoS attack
  • Collecting Bot Information
  • Execute the payload of the specified URL
  • Update the sample from the specified URL
  • Execute system or custom commands
Mozi Botnet
Mozi Structure

The botnet starts infection using any random local port to start a local HTTP service to provide malware samples for download or to retrieve the samples from the address present in the config file. It uses weak passwords or uses known to compromise the targeted device.

Following are the vulnerabilities Exploited

Once it infected the target device, it joins the device Mozi P2P network and the device becomes like the new Mozi Bot node and starts infecting other devices.

Based on the data collected by 360 Netlab honeypot devices, the campaign is ongoing and the infection has been increasing.

Mozi Botnet
Device Infection

Users are recommended to patch the vulnerabilities and to set up a strong password to avoid infection. Technical details can be found in the 360 Netlab blog post.

For more information on D-Link, Firmware Patches refer here.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Python range() Function – Linux Hint

Python is a modern, general-purpose, and high-level programming language that comes with powerful features. Python has many built-in modules to support diverse operations. The...

2020 World Series live stream: how to watch Dodgers vs Rays game 4 from anywhere

Over the next few days,  the year's shortened MLB season will come to an end and baseball will crown a new champion - but...

Michigan vs Minnesota live stream: how to watch Big Ten college football tonight

Big Ten college football is back, and the Michigan Wolverines vs Minnesota Golden Gophers game - one of the oldest rivalries in American college...

How to watch Khabib vs Gaethje: live stream UFC 254 right now

It's Fight Island's final bout of the year, and what a clash to be ringing that final bell to. UFC 254 plays host to...

How to watch Khabib vs Gaethje: live stream UFC 254 right now

It's Fight Island's final bout of the year, and what a clash to be ringing that final bell to. UFC 254 plays host to...