A peer-to-peer (P2P) botnet which effects Vulnerable Linux Webmin servers is discovered by researchers.
For the past three months, the botnet has been targeting Webmin servers by using a remote code-execution vulnerability (CVE-2019-15107) which was previously patched on Aug. 17.
Webmin developers say that it has over a million installations worldwide and according to Shodan, 232,000 servers are currently vulnerable. But it is unknown how many Linux Webmin servers are being targeted.
Webmin users should check the process
NetLab 360 researchers advise users;
We recommend that Webmin users take a look whether they are infected by checking the process, file name, and UDP (User Datagram Protocol) network connection. We recommend that Roboto botnet-related IP, URL and domain names be monitored and blocked.