A botnet has been detected utilizing the recently disclosed vBulletin exploit to secure vulnerable servers so that they cannot be used by other attackers. This allows the botnet to grow their army of compromised servers without fear that other attackers will utilize the same server. On Monday, a zero-day remote code execution vulnerability and exploit for the vBulletin forum software was publicly released. This quickly led to attackers using the exploit to hack into vulnerable vBulletin servers. BleepingComputer has learned from Troy Mursch of Bad Packets Report that a botnet is using this vBulletin exploit to block other attackers from also using it.
Source: Bleeping Computer