ZHtrap botnet: How it works and how to prevent it

A new botnet called ZHtrap is deploying honeypots to capture attacks from other botnets and using that information to hijack their infrastructure. Security researchers from the Netlab 360 team discovered a recent Mirai-based botnet, dubbed ZHtrap, that implements a honeypot mechanism to find more victims and uses them to launch powerful attacks in the wild.

According to the Netlab researchers, “the source code of ZHtrap is based on Mirai, and it supports x86, ARM, MIPS and other popular CPU architectures.” Table 1 below presents the set of vulnerabilities (CVEs) exploited by the botnet to compromise other systems.

Table 1: Vulnerabilities exploited by ZHtrap

Vulnerability                        | Description
-------------------------------------|------------------------------------------------------------
VisualDoor SonicWall SSL-VPN Exploit | A SonicWall SSL-VPN remote command injection vulnerability came to light earlier this January.
CVE-2020-25506                       | A D-Link DNS-320 firewall remote code execution (RCE) vulnerability.
CVE-2021-27561 and CVE-2021-27562    | Two vulnerabilities in Yealink Device Management allow an unauthenticated attacker to run arbitrary commands on the server with root privileges.
CVE-2021-22502                       | An RCE

Read More: https://resources.infosecinstitute.com/topic/zhtrap-botnet-how-it-works-and-how-to-prevent-it/