Attackers exploit Spring4Shell flaw to let loose the Mirai botnet

There has been a land rush of sorts among threat groups trying to use the vulnerability discovered in the open-source Spring Framework last month, and now researchers at Trend Micro are saying it's being actively exploited to run the Mirai botnet. Mirai is a long-running threat that has been around since 2016 and is used to …

  1. ecarlseen

    FFS am I literally the only person who puts /tmp on a separate volume and mounts it with noexec set?

    1. doublelayer Silver badge

      Separate volume, lots of people do that. Noexec, not as many people as you'd hope. Although in this case, /tmp is just a convenient place to store things because a lot of these things are embedded devices with little storage but /tmp in RAM. If a target wasn't allowing the chmod from there, the attacker could find somewhere else to put their binary as long as there was some writable storage. That binary could be a very small one that loaded instructions from another file in /tmp that wasn't executed.
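
The exchange above, seen from the defender's side: an added example (not from the article or from any commenter) that reads a mount table in `/proc/mounts` format and lists every writable mount that still permits execution, which is where a payload could land once `/tmp` is `noexec`. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table for writable mounts that allow execution.
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# sample_mounts: constructed mount table resembling a small embedded device.
sample_mounts() {
    cat <<'EOF'
/dev/root / ext4 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
/dev/mtdblock3 /data jffs2 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
EOF
}

# exec_writable_mounts FILE
# Prints "mountpoint fstype" for each mount that is rw and lacks noexec.
# Kernel pseudo-filesystems that hold no regular files are skipped.
# FILE defaults to /proc/mounts; "-" reads standard input.
exec_writable_mounts() {
    awk '
    $3 ~ /^(proc|sysfs|devpts|cgroup2?|securityfs|debugfs|tracefs|pstore|bpf|mqueue|autofs|configfs|fusectl|binfmt_misc)$/ { next }
    {
        n = split($4, opt, ",")
        rw = 0; noexec = 0
        # Match whole option names so "rw" does not match inside another word.
        for (i = 1; i <= n; i++) {
            if (opt[i] == "rw") rw = 1
            if (opt[i] == "noexec") noexec = 1
        }
        if (rw && !noexec) print $2, $3
    }' "${1:-/proc/mounts}"
}

# Note: noexec blocks execve() of files stored on that mount. It does not
# stop a program that is already running from reading a file there as data.

# Run against the constructed sample. /tmp is absent from the output because
# it is noexec, but three other writable locations remain.
sample_mounts | exec_writable_mounts -
```

On a live host, call `exec_writable_mounts` with no argument to audit `/proc/mounts`.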

  2. hayzoos

    "They also can downgrade to a lower JDK version such as version 8, though doing so "could impact application features and open doors to other attacks mitigated in higher versions of JDK," the researchers wrote."

    The botnet tools like Mirai are not single function, they are toolsets. The nature of IOT is ship and forget. I would be highly surprised that they do not carry exploits for multiple versions since not doing so would leave a lot of older targets unused. So, um, no, downgrading to avoid the exploit du jour is not going to help in the larger scheme.
