AT&T Networking Devices' Old Flaw Now Exploited by New Malware to Conduct DoS Attacks! Thousands of US Customers Affected
(Photo : Photo by Ronald Martinez/Getty Images) A man walks with an umbrella outside of AT&T corporate headquarters on March 13, 2020 in Dallas, Texas. AT&T is allowing employees to work remotely from home if they have the ability to do so, as a safety measure due to COVID-19.
AT&T Networking Devices' Old Flaw Now Exploited by New Malware to Conduct DoS Attacks! Thousands of US Customers Affected
(Photo : Photo Illustration by Tim Boyle/Getty Images) The AT&T logo is seen atop a phone bill May 12, 2006 in Des Plaines, Illinois. The US National Security Agency began collecting information from phone records of millions of AT&T (until recently known as SBC), Verizon, and BellSouth customers shortly after the 2001 terror attacks.

AT&T's networking devices are currently targeted by a new malware called EwDoor. This new malicious tool is confirmed to be exploiting the device model's old flaw, which was discovered way back in 2017. 

AT&T Networking Devices' Old Flaw Now Exploited by New Malware to Conduct DoS Attacks! Thousands of US Customers Affected
(Photo : Photo by Ronald Martinez/Getty Images)
A man walks with an umbrella outside of AT&T corporate headquarters on March 13, 2020 in Dallas, Texas. AT&T is allowing employees to work remotely from home if they have the ability to do so, as a safety measure due to COVID-19.

The specific vulnerability that is exploited by the new malware is the CVE-2017-6079. This flaw, a command-injection vulnerability, was first discovered by Spencer Davis, a penetration tester. 

He used this flaw to hack a customer's network in 2017 successfully. Now, the new EwDoor malware is said to be taking advantage of this old security issue so that hackers behind it can easily conduct DoS (denial-of-service) attacks. 

"So far, the EwDoor in our view has undergone 3 versions of updates, and its main functions can be summarized into 2 main categories of DDoS attacks and Backdoor," said involved security experts via Qihoo 360's official website. 

AT&T Suffer From New EwDoor Malware

According to ArsTechnica's latest report, around 5,700 AT&T customers in the United States have fallen victims to the new EwDoor malware. 

AT&T Networking Devices' Old Flaw Now Exploited by New Malware to Conduct DoS Attacks! Thousands of US Customers Affected

(Photo : Photo Illustration by Tim Boyle/Getty Images)
The AT&T logo is seen atop a phone bill May 12, 2006 in Des Plaines, Illinois. The US National Security Agency began collecting information from phone records of millions of AT&T (until recently known as SBC), Verizon, and BellSouth customers shortly after the 2001 terror attacks.

Also Read: US Politicians Wants to Push for Anti-Bot Act to Prevent Scalpers From Bullk Buying

If you are one of the consumers of the telco giant, the device model that is currently attacked is the EdgeMarc Enterprise Session Border Controller. 

This networking device is a tool that can secure and manage phone calls. SMBs are currently relying on this gadget to contact their clients and customers. 

It can also secure real-time communications, such as video conferences. If you want to see more details about the new malware, you can click this link.  

How Serious is EwDoor? 

Qihoo 360 experts explained that the new EwDoor malware specifically attacks Edgewater devices. This means that hackers behind the new malicious tool could also use the malware to exploit other old vulnerabilities. 

As of the moment, security researchers said that EwDoor could conduct the following hacking activities: 

  • File management
  • DDoS attack
  • Self-updating
  • Port scanning
  • Reverse shell
  • Execution of arbitrary commands

In other news, TechTimes reported that Android users in Finland are also targeted by another malware called Flubot. On the other hand, U.S. companies are attacked by a new ransomware family

For more news updates about malware and other security threats, always keep your tabs open here at TechTimes.  

Related Article: Canada Caller ID Spoofing: CRTC to Bring Law on Preventing Nuisance Phone Calls

This article is owned by TechTimes

Written by: Griffin Davis

ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.