back to article Zerobot malware now shooting for Apache systems

The Zerobot botnet, first detected earlier this month, is expanding the types of Internet of Things (IoT) devices it can compromise by going after Apache systems. The botnet, written in the Go programming language, is being sold as the malware-as-a-service (MaaS) model and spreads through vulnerabilities in IoT devices and web …

  1. Gene Cash Silver badge

    Did it break printing? No? Then it's better than Microsoft's Malware-As-A-Service!

  2. pc-fluesterer.info
    Facepalm

    "unpatched or badly secured devices"

    And further: "... insecure configurations that use default or weak credentials".

    All admin faults.

    But I bet that this case as well will be attributed as "malware that can target Apache". :-(

  3. Ball boy Silver badge

    Built-in obsolescence

    Correct me if I'm making an assumption here but this kind of thing will get more and more troublesome: far too many manufacturers are loathe to maintain kit once it's been sold - even something as expensive and 'well supported' as a mobile phone usually doesn't get system updates once it's more than a couple of years past its sales window. What hope is there for the cheaper devices to get a continual stream of bug-fixes and so on delivered to them? I'd wager a large chunk of the cheaper IoT devices out there today don't even have code that can fetch updates even if they were available.

    This will end badly, I have no doubt! Well, it won't end. Which is a problem.

    1. Kevin McMurtrie Silver badge

      Re: Built-in obsolescence

      It's much worse. Several cloud hosting providers are completely OK with persistent botnet infections. DigitalOcean and OVH are not only enormous botnet hosts right now, but they've disconnected their abuse contact so they don't have to hear about it.

      How can they do that? Backbones NTT, ReTN, Telia/Twelve99, and Tata don't seem to mind.

      The Internet of Sh!t is expanding to include almost everything.

      1. IGotOut Silver badge

        Re: Built-in obsolescence

        I agree. So much so, my Cloudflare blocks all traffic from OVH and DO.

        It reduced attacks by about 95%

  4. Ididntbringacoat

    Too much Holiday Cheer?

    Not to dampen the festivities here, but, a a Human proof reader might be in order. "monthy", "spared"? Yes, I did bring a coat, this time, why?

    1. Ball boy Silver badge
      Headmaster

      Re: Too much Holiday Cheer?

      "a a [sic] Human proof reader might be in order."

      Amen to that; a quality correction! With hindsight, perhaps a note to the editorial desk would have been more appropriate?

      Oh, another thing: 'human' needs no capital letter when deployed mid-sentence. A minor point but - as a budding pedant - one should really be aware of such trivia.

      Seasons greetings one and all. May your God go with you.

  5. nijam Silver badge

    I thought these new languages like Go and Rust were touted as a new wave of improved security.

    Excuse me whilst I give a wry smile, off-camera.

    1. Crypto Monad Silver badge

      The malware itself benefits from the security of being written in Go and Rust. Where's the contradiction?

      1. stiine Silver badge
        Coffee/keyboard

        Isn't that cheating?

        1. Crypto Monad Silver badge

          Cheating is when malware omits to set the evil bit on the executable.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like