D-Link router and NAS owners, beware: Goldoon malware is targeting your data. Here’s how to protect yourself

According to Fortinet, the Goldoon botnet exploits the CVE-2015-2051 vulnerability to deliver a dropper script from a malicious server. The script is designed to delete itself after running and works on various Linux system architectures. Once injected into a device, this “dropper” downloads and runs the botnet file, paving the way for a range of malicious activities. Its main role is to obtain that file, using an XOR key to decrypt certain strings and build the full URI for the payload. Once downloaded, the final payload is extracted using a hard-coded header, and cleanup mechanisms are deployed to hide traces on the compromised system.

“Although CVE-2015-2051 is not a new vulnerability and has a low attack complexity, it does have a critical security impact that could lead to remote code execution. Once attackers successfully exploit this vulnerability, they can integrate compromised devices into their botnet to launch further attacks,” warned the researchers from the Fortinet laboratory who discovered the Goldoon botnet.

Once it has infiltrated a device, the Goldoon malware can launch a variety of DDoS attacks, including TCP floods and ICMP floods, as well as more targeted attacks such as DDoS on Minecraft. These attacks can have a significant impact, disrupting both individual targets and larger networks.
