Rome Wasn’t Built in a Day, but This Botnet Was, Using CVE-2017-17215

A new botnet has been detected by security researchers at NewSky Security, with their discovery confirmed by researchers from Qihoo 360 Netlab, Rapid7, and Greynoise. The botnet in question compromised more than 18,000 routers in a single day, and was built by leveraging a security flaw in Huawei HG532 routers known as CVE-2017-17215.

Botnet Built Only in a Day by Anarchy Hacker

CVE-2017-17215’s official description goes like this: “Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code”.

According to the analysis, scanning for the flaw began on the morning of July 18, targeting port 37215.
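The scanning activity described above is the kind of signal a defender can pick out of perimeter logs: many distinct internal addresses being probed on a single unusual port from the same external source within a short window. The following is an added example, not code from the article or from any of the research teams it cites. It assumes a simplified, constructed flow-log format (timestamp, source, destination, protocol, destination port, TCP flags); the only value taken from the article is port 37215, which the CVE-2017-17215 description names. The heuristic (three or more distinct targets on that port from one source) is an assumed threshold, not one the article states.

```python
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Set

# Constructed sample flow-log lines (not real traffic, not from the article):
# "<ISO timestamp> <src ip> <dst ip> <proto> <dst port> <tcp flags>".
# 198.51.100.7 probes several hosts on 37215; 203.0.113.44 probes two;
# the 443 line is ordinary outbound traffic that must be ignored.
SAMPLE_LOG = """\
2018-07-18T06:01:12Z 198.51.100.7 192.0.2.10 tcp 37215 SYN
2018-07-18T06:01:13Z 198.51.100.7 192.0.2.11 tcp 37215 SYN
2018-07-18T06:01:15Z 203.0.113.44 192.0.2.10 tcp 37215 SYN
2018-07-18T06:02:02Z 198.51.100.7 192.0.2.12 tcp 37215 SYN
2018-07-18T06:02:40Z 192.0.2.10 93.184.216.34 tcp 443 SYN
2018-07-18T06:03:01Z 203.0.113.44 192.0.2.13 tcp 37215 SYN
2018-07-18T06:03:09Z 198.51.100.7 192.0.2.14 tcp 37215 SYN
"""

# TCP port named in the CVE-2017-17215 description quoted in the article.
HG532_PORT = 37215


def parse_line(line: str) -> dict:
    """Split one constructed flow-log line into typed fields."""
    ts, src, dst, proto, port, flags = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src,
        "dst": dst,
        "proto": proto,
        "port": int(port),
        "flags": flags,
    }


def probes_to_port(log_text: str, port: int = HG532_PORT) -> Dict[str, Set[str]]:
    """Map each source IP to the distinct destinations it contacted on `port`.

    Only TCP records to the given port count; everything else is ignored, so
    normal outbound traffic from the monitored hosts does not pollute the result.
    """
    targets: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["proto"] == "tcp" and rec["port"] == port:
            targets[rec["src"]].add(rec["dst"])
    return dict(targets)


def flag_scanners(log_text: str, port: int = HG532_PORT, min_targets: int = 3) -> List[str]:
    """Sources that touched `min_targets` or more distinct hosts on `port`.

    A single host opening one connection is not evidence of a sweep; the same
    source fanning out across many internal addresses on an unusual port is.
    `min_targets` is an assumed, tunable threshold.
    """
    return sorted(
        src for src, dsts in probes_to_port(log_text, port).items()
        if len(dsts) >= min_targets
    )


def first_seen(log_text: str, port: int = HG532_PORT) -> Optional[datetime]:
    """Earliest timestamp of any probe to `port`, useful for dating the start of a sweep."""
    times = [
        parse_line(line)["ts"]
        for line in log_text.splitlines()
        if line.strip()
        and parse_line(line)["proto"] == "tcp"
        and parse_line(line)["port"] == port
    ]
    return min(times) if times else None


if __name__ == "__main__":
    # Practical follow-up for a network operator: confirm the management/UPnP
    # port is not reachable from the WAN side and patch or replace affected units.
    print("probe sweep first seen:", first_seen(SAMPLE_LOG))
    print("likely scanners:", flag_scanners(SAMPLE_LOG))
```

On the constructed sample the single flagged source is 198.51.100.7 (four distinct targets), while 203.0.113.44 stays below the threshold with two; on real logs the threshold and window should be tuned to the size of the address space being watched.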

The author of the botnet has called himself Anarchy and hasn’t provided any information as to why he created the botnet. According to security researchers, Anarchy may be the same hacker who was using the Wicked nickname and who is behind some of Mirai’s variations. The variations have been identified as Wicked, Omni, and Owari and were actively used in DDoS attacks.

What is most concerning about the newly discovered botnet is the ease with which it was built, using a high-profile security flaw that has been exploited before for similar purposes. Research indicates that CVE-2017-17215 has been used in the creation of at least two versions of the Satori botnet as well as some small Mirai-based botnets. Take the Satori botnet, for example, which exploits a flaw in Huawei devices and a bug in Realtek SDK-based devices.

These vulnerabilities have been exploited to attack and infect computers. The botnet itself was written on top of the devastating Mirai IoT botnet.

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum, authored by Milena Dimitrova.