
A New Exploit in a Wormable Module has been observed to Spread Rapidly


Last Updated on 21/03/2022 by Nidhi Khandelwal

According to a new study, the malware known as DirtyMoe has gained new worm-like propagation capabilities that allow it to expand its reach without any user interaction.


In a paper published Wednesday, Avast researcher Martin Chlumecký wrote, “The worming module targets earlier well-known vulnerabilities, such as EternalBlue and Hot Potato Windows privilege escalation.”

“On a daily basis, a single worm module can produce and target hundreds of thousands of private and public IP addresses; many victims are at risk because many PCs still use unpatched systems or weak passwords.”

The DirtyMoe botnet has been active since 2016. It uses external exploit kits like PurpleFox or implanted Telegram Messenger installers to carry out cryptojacking and distributed denial-of-service (DDoS) attacks.

The attack sequence also uses a DirtyMoe service that launches two more processes, the Core and the Executioner, which load the modules for Monero mining and for spreading the malware in a worm-like fashion.


“The worming module’s main purpose is to achieve RCE under administrator privileges and install a new DirtyMoe instance,” Chlumecký said, adding that one of the component’s core functions is to produce a list of IP addresses to target depending on the module’s geographical location.

Furthermore, attacks targeting PHP, Java deserialization, and Oracle WebLogic servers were discovered in another in-development worming module, hinting that the attackers are seeking to widen the scope of the infections.
