
Mozi Botnet

Posted: December 27, 2019

Many newly discovered botnets focus on Internet-of-Things devices, which are often poorly secured and vulnerable to remote attacks. The Mozi Botnet is a newly discovered project whose authors appear to go after Internet routers exclusively. To infect devices, they take advantage of a broad range of known vulnerabilities and exploits that are likely to work against routers running outdated firmware. Many people never apply the latest security patches to their router's firmware, so they are exactly the group that the operators of the Mozi Botnet are likely to target. Some of the most widespread router brands targeted by the Mozi Botnet are Netgear, Huawei and D-Link.

The first traces of the Mozi Botnet's activity date back to September 2019, and the botnet has grown rapidly over the past few months. Apart from exploiting vulnerabilities in outdated firmware, the authors of the Mozi Botnet also attempt to brute-force weak login credentials that would grant them unrestricted access to the compromised device's administrator panel.

The Mozi Botnet Relies on the DHT Protocol to Receive Commands

Often, botnets receive their commands over HTTP from a central command-and-control server, but the crooks behind the Mozi Botnet have adopted a different mechanism: DHT, short for Distributed Hash Table. DHT is best known as the peer-to-peer lookup protocol used by BitTorrent clients, software that generates a great deal of traffic, so the small amount of traffic generated by the Mozi Botnet is easy to overlook among legitimate peer-to-peer activity. The decentralized design also means there is no single command server whose takedown would disable the botnet.
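One practical consequence for defenders is that DHT messages are easy to recognize once you look at the UDP payloads: the BitTorrent DHT speaks KRPC, a small set of bencoded dictionaries (ping, find_node, get_peers, announce_peer) with a `t` transaction ID and a `y` message type. A router's own address should never originate such messages, so DHT traffic whose source is the router is a useful anomaly indicator regardless of how little of it there is. The script below is an added example, not code from the page or from the Mozi malware: it implements a bencode decoder, classifies KRPC messages, and flags any DHT message sent by a host on a watch list. The packets, node IDs and IP addresses are all constructed for the example; the function and variable names are the author's own.

```python
"""
Added example: decode bencoded KRPC (BitTorrent DHT) messages and flag DHT
traffic originating from hosts that should never speak it, such as a router.
All packets, node IDs and addresses below are constructed for illustration.
"""

KRPC_QUERIES = {b"ping", b"find_node", b"get_peers", b"announce_peer"}


def bdecode(data: bytes):
    """Decode one bencoded value into int / bytes / list / dict (keys are bytes)."""

    def _decode(i):
        c = data[i:i + 1]
        if c == b"i":  # integer: i<digits>e
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c == b"l":  # list: l<item>...e
            items, i = [], i + 1
            while data[i:i + 1] != b"e":
                item, i = _decode(i)
                items.append(item)
            return items, i + 1
        if c == b"d":  # dict: d<key><value>...e
            result, i = {}, i + 1
            while data[i:i + 1] != b"e":
                key, i = _decode(i)
                value, i = _decode(i)
                result[key] = value
            return result, i + 1
        if c.isdigit():  # byte string: <length>:<bytes>
            colon = data.index(b":", i)
            length = int(data[i:colon])
            start = colon + 1
            return data[start:start + length], start + length
        raise ValueError(f"bad bencode at offset {i}")

    value, consumed = _decode(0)
    if consumed != len(data):
        raise ValueError("trailing bytes after bencoded value")
    return value


def classify_krpc(payload: bytes):
    """Return (kind, query_name) for a well-formed KRPC message, else None.

    kind is 'q' (query), 'r' (response) or 'e' (error); query_name is set only for queries.
    Anything that does not bdecode to a dict with 't' and 'y' keys is not DHT traffic.
    """
    try:
        msg = bdecode(payload)
    except (ValueError, IndexError):
        return None
    if not isinstance(msg, dict) or b"t" not in msg or b"y" not in msg:
        return None
    kind = msg[b"y"]
    if kind == b"q":
        name = msg.get(b"q")
        if name not in KRPC_QUERIES or not isinstance(msg.get(b"a"), dict):
            return None
        return ("q", name.decode())
    if kind == b"r" and isinstance(msg.get(b"r"), dict):
        return ("r", None)
    if kind == b"e" and isinstance(msg.get(b"e"), list):
        return ("e", None)
    return None


def find_dht_from_unexpected_hosts(packets, watched_sources):
    """packets: iterable of (src_ip, dst_ip, dst_port, udp_payload) tuples.

    Returns (src_ip, dst_ip, kind, query_name) for every DHT message whose source
    is in watched_sources, e.g. the router's own LAN address.
    """
    hits = []
    for src, dst, _port, payload in packets:
        krpc = classify_krpc(payload)
        if krpc is not None and src in watched_sources:
            hits.append((src, dst, krpc[0], krpc[1]))
    return hits


# Constructed sample traffic: node IDs and addresses are placeholders, not real indicators.
NODE_ID = b"\x11" * 20
TARGET_ID = b"\x22" * 20
PING = b"d1:ad2:id20:" + NODE_ID + b"e1:q4:ping1:t2:aa1:y1:qe"
FIND_NODE = (b"d1:ad2:id20:" + NODE_ID + b"6:target20:" + TARGET_ID
             + b"e1:q9:find_node1:t2:ab1:y1:qe")
RESPONSE = b"d1:rd2:id20:" + NODE_ID + b"e1:t2:aa1:y1:re"
DNS_QUERY = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"

SAMPLE_PACKETS = [
    ("192.168.1.1", "203.0.113.10", 6881, PING),        # router itself sending a DHT ping
    ("192.168.1.1", "198.51.100.7", 6881, FIND_NODE),   # router itself sending find_node
    ("192.168.1.50", "203.0.113.10", 6881, PING),       # a PC running a torrent client: expected
    ("192.168.1.1", "8.8.8.8", 53, DNS_QUERY),          # ordinary DNS from the router: not DHT
    ("203.0.113.10", "192.168.1.1", 6881, RESPONSE),    # inbound reply; source is not watched
]

if __name__ == "__main__":
    for hit in find_dht_from_unexpected_hosts(SAMPLE_PACKETS, {"192.168.1.1"}):
        print("DHT from unexpected host:", hit)
```

Run against real captures by feeding UDP payloads (e.g. from a pcap parsed with your tool of choice) into `find_dht_from_unexpected_hosts` with the router's LAN and WAN addresses in the watch list; the decoder deliberately rejects truncated or trailing-garbage payloads rather than guessing, so malformed data is reported as "not DHT" instead of raising.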

The operators of the Mozi Botnet can command their infected devices to perform various tasks, the most important of which is to execute Distributed Denial-of-Service (DDoS) attacks against a specified network address. In addition, the Mozi Botnet can fetch additional payloads from a control server or a Web address. Last but not least, it can execute remote commands on the compromised router.

Cybercriminals are constantly on the prowl for flaws that enable them to penetrate routers, computers, smartphones and any other Internet-connected device. To keep your network safe, apply the latest firmware updates and security patches to all Internet-enabled devices, and replace weak or default administrator passwords on your router, since weak credentials are one of the ways the Mozi Botnet gets in.
