A new botnet named Roboto is targeting Linux servers running the Webmin app, according to security researchers at 360 Netlab. Roboto is a peer-to-peer botnet that has been active since summer and is exploiting a vulnerability in the Webmin app. The app offers a web-based remote management system for Linux servers and is installed on as many as 215,000 servers. The vulnerability, identified as CVE-2019-15107, allows bad actors to compromise older Webmin servers by running malicious code and gaining root privileges. The vulnerability was identified and patched by the company behind Webmin. However, many users have not installed the latest version with the patch, and Roboto botnet is targeting such servers. According to security researchers, the Roboto botnet has DDoS attack capability in its code, and it is the main feature of the botnet. The bad actors behind the botnet aim to expand it by conducting DDoS attacks via vectors such as HTTP, ICMP, UDP, and TCP.
Submitted by: Arnfried Walbrecht