P2PInfect Worm Targets Redis Servers

Researchers from Unit 42 have discovered a new worm called P2PInfect that builds its own P2P network to distribute malware without relying on centralized control servers. Once a host is compromised, it joins that P2P network and downloads the P2PInfect image built for the targeted operating system. The worm then scans for other vulnerable hosts to attack and incorporate into the network. It can target both Linux and Windows systems and is written in Rust.

During their investigation, the researchers identified over 307,000 publicly accessible hosts running Redis, a popular open-source database. Of these, 934 hosts were found to be vulnerable to the worm’s attack. It is possible that these hosts have already been compromised by P2PInfect. The worm exploits a critical vulnerability (CVE-2022-0543) present in specific versions of the Redis packages for Ubuntu and Debian distributions. This vulnerability allows arbitrary code execution on a remote server and bypasses the sandbox of the environment Redis uses to execute scripts.

Reference Links:
Unit 42 Research
CVE-2022-0543 Vulnerability Analysis
Ubuntu Security Advisory
Debian Security Tracker
More Details on Debian RCE