Researchers: Malware Offered for Sale for $75
A botnet called DarkIRC is exploiting a severe remote code execution vulnerability in Oracle WebLogic for which a patch was issued almost two months ago, Juniper Threat Labs reports. Meanwhile, the malware used to create the botnet is being offered for sale on a darknet hacking forum.
In addition to the DarkIRC botnet, researchers at Juniper Threat Labs are tracking four other malware variants that are trying to take advantage of the WebLogic vulnerability, including a version of the Mirai botnet and a weaponized version of the Cobalt Strike penetration testing tool.
The WebLogic flaw, tracked as CVE-2020-14882, is a remote code execution vulnerability that can be exploited over a network without the need for a username and password. A threat actor would only have to send a malicious HTTP request to the WebLogic Server’s management console to initiate the attack, according to a previous update by Oracle.
Oracle and the U.S. Cybersecurity and Infrastructure Security Agency have issued alerts about the importance of applying the patch, which has been available since October (see: CISA and Oracle Warn Over WebLogic Server…