P2P Botnet discovered by Netlab360. The botnet infects linux servers via the Webmin RCE vulnerability (CVE-2019-15107) which allows attackers to run malicious code with root privileges and take over older Webmin versions. Based on the Netlabs360 analysis, the botnet serves mainly 7 functions: reverse shell, self-uninstall, gather process' network information, gather Bot information, execute system commands, run encrypted files specified in URLs and four DDoS attack methods: ICMP Flood, HTTP Flood, TCP Flood, and UDP Flood.
|2019-11-20 ⋅ 360 netlab ⋅ |
The awaiting Roboto Botnet
|2019-11-20 ⋅ ZDNet ⋅ |
New Roboto botnet emerges targeting Linux servers running Webmin
There is no Yara-Signature yet.