Satori Botnet is Back, Experts Observed a Surge in Port Scan Activity Associated With It
This week, security experts observed a surge in port 8000 scan activity, researchers at Qihoo 360 Netlab determined that the unusual activity was associated with Satori IoT botnet.
Experts from Qihoo 360 Netlab discovered that the author of the Satori botnet have integrated a the proof-of-concept (PoC) code for the XionMai web server software package after it was published on June 8.
The code recently included in the Satori botnet exploits a buffer overflow vulnerability, tracked as CVE-2018-10088, in XionMai uc-httpd 1.0.0. The exploit could be used by remote attackers to execute arbitrary code by sending a malformed package via ports 80 or 8000.
Data collected by security experts demonstrate the evolution of the Satori botnet, its author continues to include new exploit to make the botnet resilient to the takedown of law enforcement and security firm.
Read more: Security Affairs