New ‘InfectedSlurs’ Botnet Exploits Zero-Day Vulnerabilities in Routers and NVRs

A recently surfaced Mirai-based botnet, ‘InfectedSlurs,’ has raised alarms by leveraging two undisclosed zero-day vulnerabilities to infect both routers and network video recorder (NVR) devices, turning them into participants in its profit-driven distributed denial-of-service (DDoS) operations.

Akamai’s Security Intelligence Response Team (SIRT) discovered ‘InfectedSlurs’ in late October 2023, initially detecting unusual activity on rarely used TCP ports within their honeypots. The botnet’s origins trace back to late 2022, showcasing a prolonged period of undetected activity.

The botnet exploits undisclosed vulnerabilities in specific NVR devices and in a widely used wireless LAN router, granting unauthorized access to those devices. Although the affected vendors have not been named, Akamai reports that fixes for these vulnerabilities are expected to roll out in December 2023.

Akamai’s investigation further revealed that ‘InfectedSlurs’ operates as a JenX Mirai variant, showcasing concentrated C2 infrastructure and association with hailBot operations. Analysis of the botnet’s code demonstrates similarities to the original Mirai, operating as a self-propagating DDoS tool utilizing SYN, UDP, and HTTP GET request floods.

To disrupt ‘InfectedSlurs’ temporarily, users are advised to reboot their NVR and router devices, given the absence of patches. Akamai emphasizes the need for vigilance and prompt action upon the release of vendor security updates to safeguard against this emerging threat.

Defending against ‘InfectedSlurs’ requires heightened vigilance. Regularly updating router and NVR firmware is crucial to patch potential vulnerabilities. Implementing strong, unique passwords and disabling default credentials on devices helps thwart unauthorized access. Enabling firewalls and intrusion detection systems alongside monitoring network traffic aids in detecting and blocking suspicious activity. Employing security solutions capable of identifying and mitigating DDoS attacks fortifies defenses against the botnet’s disruptive activities.
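The monitoring advice above is easier to act on with a concrete detector. The following is an added example, not code from Akamai or from the article: it aggregates outbound flow records per LAN device and flags the two behaviours the article attributes to the botnet, high-volume SYN/UDP floods and Mirai-style scanning of many distinct hosts. The log format, the thresholds, the device addresses and the sample records are all constructed assumptions for illustration, not values published by Akamai or any vendor.

```python
"""Flag LAN devices whose outbound traffic looks like Mirai-style botnet behaviour.

Added example (not Akamai's or the article's code). Log format and every
threshold are assumptions chosen for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field

WINDOW_SECONDS = 10          # assumed aggregation window
FLOOD_PACKETS = 5000         # assumed: SYN or UDP packets per window from one source
SCAN_DISTINCT_DST = 50       # assumed: distinct destinations per window
SCAN_MAX_AVG_PACKETS = 2.0   # assumed: scanners send one or two packets per target


@dataclass(frozen=True)
class Flow:
    ts: int
    src: str
    dst: str
    dport: int
    proto: str      # "TCP" or "UDP"
    flags: str      # TCP flags as letters ("S", "PA", ...); "-" for UDP
    packets: int


def parse_flow(line: str) -> Flow:
    """Parse one record in the assumed format:
    '<epoch> <src> <dst> <dport> <proto> <flags> <packets>'."""
    ts, src, dst, dport, proto, flags, packets = line.split()
    return Flow(int(ts), src, dst, int(dport), proto.upper(), flags.upper(), int(packets))


@dataclass
class SourceStats:
    syn_packets: int = 0
    udp_packets: int = 0
    total_packets: int = 0
    flows: int = 0
    dsts: set = field(default_factory=set)


def summarize(flows):
    """Aggregate flows per (source address, window start)."""
    stats = defaultdict(SourceStats)
    for f in flows:
        s = stats[(f.src, f.ts // WINDOW_SECONDS * WINDOW_SECONDS)]
        s.flows += 1
        s.total_packets += f.packets
        s.dsts.add(f.dst)
        if f.proto == "TCP" and f.flags == "S":
            s.syn_packets += f.packets     # bare SYNs: flood or probe traffic
        elif f.proto == "UDP":
            s.udp_packets += f.packets
    return stats


def find_suspects(lines):
    """Return sorted (src, window_start, reasons) for sources matching a pattern."""
    flows = [parse_flow(l) for l in lines if l.strip() and not l.startswith("#")]
    alerts = []
    for (src, window), s in summarize(flows).items():
        reasons = []
        if s.syn_packets >= FLOOD_PACKETS:
            reasons.append("syn_flood")
        if s.udp_packets >= FLOOD_PACKETS:
            reasons.append("udp_flood")
        # Scanning: many distinct targets, each touched with only a packet or two.
        avg_packets = s.total_packets / s.flows
        if (len(s.dsts) >= SCAN_DISTINCT_DST and s.syn_packets > 0
                and avg_packets <= SCAN_MAX_AVG_PACKETS):
            reasons.append("scan")
        if reasons:
            alerts.append((src, window, sorted(reasons)))
    return sorted(alerts)


def build_sample_log():
    """Constructed sample flow lines (not captured traffic)."""
    base = 1700000000
    lines = ["# ts src dst dport proto flags packets"]
    # 192.168.1.50 (an NVR, assumed) hammering one target on port 80 with SYNs
    for i in range(10):
        lines.append(f"{base + i} 192.168.1.50 203.0.113.7 80 TCP S 600")
    # 192.168.1.1 (a router, assumed) probing 60 different hosts on telnet, one SYN each
    for i in range(60):
        lines.append(f"{base + i % 10} 192.168.1.1 198.51.100.{i + 1} 23 TCP S 1")
    # 192.168.1.20 (a laptop, assumed) doing ordinary HTTPS and DNS
    lines.append(f"{base + 2} 192.168.1.20 203.0.113.9 443 TCP S 1")
    lines.append(f"{base + 3} 192.168.1.20 203.0.113.9 443 TCP PA 40")
    lines.append(f"{base + 4} 192.168.1.20 192.168.1.1 53 UDP - 4")
    return lines


if __name__ == "__main__":
    for src, window, reasons in find_suspects(build_sample_log()):
        print(f"{src} window={window} {','.join(reasons)}")
```

On the constructed sample the NVR is reported for a SYN flood and the router for scanning, while the laptop stays quiet. In practice the thresholds need tuning to the network's baseline, and a device that trips either rule is a candidate for the reboot-and-patch response described above rather than an automatic block.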