New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw


A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks.

The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to execute arbitrary commands by means of specially crafted HTTP requests.

“If a targeted device is compromised, attackers can gain complete control, enabling them to extract system information, establish communication with a C2 server, and then use these devices to launch further attacks, such as distributed denial-of-service (DDoS),” Fortinet FortiGuard Labs researchers Cara Lin and Vincent Li┬ásaid.

Read more…