"DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly"

DirtyMoe malware has gained new worm-like propagation capabilities, giving it greater reach without requiring user interaction. According to Avast researcher Martin Chlumecký, DirtyMoe's worming module targets older, well-known vulnerabilities such as the Hot Potato Windows privilege escalation. A single worm module is capable of generating and attacking hundreds of thousands of private and public IP addresses each day. Many machines still run unpatched systems or use weak passwords, leaving many victims at risk. Since 2016, the DirtyMoe botnet has been used to carry out cryptojacking and Distributed Denial-of-Service (DDoS) attacks. The botnet is deployed through external exploit kits such as PurpleFox or through injected installers of Telegram Messenger. DirtyMoe also runs a service that launches two additional processes, which load modules for Monero mining and for spreading the malware in a worm-like way. The worming modules attack machines by exploiting vulnerabilities to install the malware, with each module targeting a specific vulnerability based on information gathered during reconnaissance. Chlumecký explained that the primary goal of the worming module is to achieve Remote Code Execution (RCE) under administrator privileges and install a new DirtyMoe instance. This article continues to discuss findings surrounding DirtyMoe's new worm-like propagation capabilities.

THN reports "DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly"
