Zerobot botnet expands to start exploiting Apache flaws

Botnet
(Image credit: Shutterstock / BeeBright)

Zerobot, a botnet that infects various Internet of Things (IoT) devices and uses them for distributed denial of service (DDoS) attacks, has been updated with new features and new infection mechanisms. 

A report from Microsoft's security team claims that the malware used to integrate IoT devices into the botnet has reached version 1.1.

With this upgrade, Zerobot can now leverage flaws found in Apache and Apache Spark to compromise various endpoints and later use them in the attacks. The flaws used to deploy Zerobot are tracked as CVE-2021-42013 and CVE-2022-33891. 

Abusing Apache flaws

CVE-2021-42013 is actually an upgrade for the previous fix, designed to patch CVE-2021-41773 in Apache HTTP Server 2.4.50. 

As the latter was insufficient, it allowed threat actors to use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives, the cve.mitre.org site explains. “If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.”

CVE-2022-33891, on the other hand, affects the Apache Spark UI, and allows attackers to perform impersonation attacks by providing an arbitrary username, and ultimately, allows the attackers to run arbitrary shell commands. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1, cve.mitre.org explained.

The new version of Zerobot also comes with new DDoS attack capabilities, Microsoft explained. These capabilities allow threat actors to target different resources and render them inaccessible. In almost every attack, the report states, the destination port is customizable, allowing threat actors who purchase the malware to modify the attack as they see fit.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Industrial routers are being hit by zero-days from new Mirai botnets
ID theft
New Androxgh0st botnet targets vulnerabilities in IoT devices and web applications via Mozi integration
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Cisco, ASUS, QNAP, and Synology devices hijacked to major botnet
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
TP-Link and NR routers targeted by worrying new botnet
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Dangerous new botnet targets webcams, routers across the world
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
IoT’s botnet problem is up 500% – three things admins must do now
Latest in Software & Services
TinEye website
I like this reverse image search service the most
A person in a wheelchair working at a computer.
Here’s a free way to find long lost relatives and friends
A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other
This people search finder covers all the bases, but it's not perfect
That's Them home page
Is That's Them worth it? My honest review
woman listening to computer
AWS vs Azure: choosing the right platform to maximize your company's investment
A person at a desktop computer working on spreadsheet tables.
Trello vs Jira: which project management solution is best for you?
Latest in News
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Samuel and Romy standing very close together in A24's Babygirl movie
Everything new on Max in April 2025, including A24's Babygirl and The Last of Us season 2
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD’s secret weapon against Nvidia seems to be stock – way more RX 9070 GPUs are rumored to be hitting shelves than RTX 5000 models
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
Seth Milchick and Kier Eagan's animatronic speaking in Severance season 2 episode 10
Apple TV+ announces Severance has been renewed for season 3 after that devastating finale