Sunday 9th March 2025
Aidan Dickenson
Good morning. If your internet has been acting up, it might not just be your router—a massive IoT botnet is wreaking havoc, and 37,000 VMware ESXi servers are basically open doors for attackers. Oh, and YouTubers? They're now prime targets for cybercriminals using fake copyright claims to spread malware.
It’s a great time to be a hacker, but a terrible time to leave your passwords on a sticky note. Let’s dive in.
YouTube’s Latest Malware Scam: Fake Copyright Claims
Cybercriminals have found a new way to target YouTubers—bogus copyright claims. Their goal? To coerce creators into promoting malware-infected software and cryptocurrency miners.
The scam revolves around Windows Packet Divert (WPD) tools, which help users in Russia bypass internet censorship. YouTube creators making tutorials on these tools are receiving fraudulent copyright claims from attackers posing as the software’s original developers. The scammers then pressure them into replacing legitimate download links with malicious ones—or risk losing their channels under YouTube’s three-strike policy.
Once the infected software is downloaded, a stealthy cryptominer is deployed, hijacking users’ computers to mine cryptocurrency. Kaspersky has tracked over 2,000 victims, but the actual number is likely much higher.
Stay Safe:
- Never download software from YouTube descriptions—especially from smaller channels.
- Be cautious of copyright claims and verify sources before responding.
- Keep your antivirus active to block these stealthy attacks.
Bad actors are getting creative, but a little skepticism goes a long way.
Over 37,000 VMware ESXi Servers at Risk from Critical Exploit
A critical security flaw (CVE-2025-22224) is putting over 37,000 internet-exposed VMware ESXi instances at risk, with cybercriminals already exploiting it in the wild. The flaw, an out-of-bounds write vulnerability, allows attackers to escape virtual machines and execute code directly on the host.
Despite Broadcom's urgent warning on March 4, 2025, thousands of systems remain unpatched. The Shadowserver Foundation reported 41,500 vulnerable instances yesterday, dropping to 37,000 today, meaning about 4,500 devices were patched within 24 hours.
What’s at stake?
- The flaw is actively exploited as a zero-day, with no available workarounds.
- CISA has ordered U.S. federal agencies to patch or disable ESXi by March 25.
- China (4,400), France (4,100), and the U.S. (3,800) have the highest number of vulnerable systems.
Take Action Now
Organisations using VMware ESXi should immediately apply Broadcom’s patches to avoid potential ransomware, data theft, or system compromise. No patch? Disconnect the system from the internet.
Eleven11bot: The Botnet Taking Over 86,000 IoT Devices
A massive DDoS botnet dubbed Eleven11bot has infected over 86,000 IoT devices, primarily security cameras and network video recorders (NVRs). The malware, loosely linked to Iran, has already targeted telecom providers and gaming servers, flooding them with hundreds of millions of packets per second over days-long attacks.
Discovered by Nokia researchers, Eleven11bot spreads through brute-force attacks on weak admin credentials and scans for exposed Telnet and SSH ports. Many infected devices are located in the U.S., U.K., Mexico, Canada, and Australia.
How to Protect Your Devices:
- Change default passwords and use strong, unique credentials.
- Disable remote access if not needed.
- Update firmware regularly or replace outdated devices.
- Monitor for and filter traffic from the IP addresses tied to Eleven11bot.
With its unprecedented scale, Eleven11bot is a wake-up call for IoT security. If your devices are online, make sure they’re locked down.
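Because Eleven11bot gains its foothold by guessing weak SSH and Telnet credentials, the earliest defensive signal is a burst of failed logins from a single source. The detector below is an added example, not code from the newsletter or from Nokia's research; it parses constructed sshd auth-log lines (host name, IP addresses and year are assumed) and flags sources whose failures cluster within a short sliding window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format OpenSSH's sshd writes (not real data).
SAMPLE_LOG = """\
Mar  9 06:12:01 cam01 sshd[811]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  9 06:12:03 cam01 sshd[811]: Failed password for admin from 203.0.113.7 port 51240 ssh2
Mar  9 06:12:04 cam01 sshd[811]: Failed password for invalid user support from 203.0.113.7 port 51244 ssh2
Mar  9 06:12:06 cam01 sshd[811]: Failed password for invalid user user from 203.0.113.7 port 51250 ssh2
Mar  9 06:12:07 cam01 sshd[811]: Failed password for admin from 203.0.113.7 port 51251 ssh2
Mar  9 06:40:15 cam01 sshd[902]: Failed password for alice from 198.51.100.20 port 40022 ssh2
Mar  9 06:40:30 cam01 sshd[902]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Mar  9 07:05:11 cam01 sshd[950]: Failed password for root from 203.0.113.7 port 51300 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_failures(log_text, year=2025):
    """Yield (timestamp, user, ip) for each failed-login line; syslog omits the year, so it is assumed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: (max_failures_in_window, distinct_usernames)} for sources that
    reach `threshold` failures inside any sliding `window` (two-pointer scan)."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_ip[ip].append((ts, user))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()  # syslog is usually ordered, but do not rely on it
        start = best = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[ip] = (best, len({u for _, u in events}))
    return hits

if __name__ == "__main__":
    for ip, (n, users) in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {n} failed logins within 5 min across {users} usernames")
```

A single user's isolated failure followed by success (the alice lines) stays below the threshold, while the credential-guessing source is reported even though its later attempt falls outside the window.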