Botnet worm targeting routers and DSL modems - 100,000 infected so far

Discussion in 'other security issues & news' started by MrBrian, Mar 23, 2009.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From http://blogs.zdnet.com/security/?p=2972:

     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks for the article.

    It's amazing how many people do not change the default username/password that comes with the router/modem, or else use a weak password.

    There was an article about this some time ago, but I can't locate it at the moment.

    ----
    rich
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    It's a clever idea, since most people do use the default username and password for it and never think to check their router.

    What is the suggested way to get rid of it?
    Flash firmware?

    How many people are actually gonna check their router and flash it just in case?
    The average user won't know how to and won't suspect their router to be infected.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome. This particular worm targets only those routers and modems that have their management interface accessible from the Internet. I believe that malware already on a local machine will in the future more often try to alter modems and routers so as to remain even if the machine's malware is cleaned.
     
  5. guest

    guest Guest

    This is a really big problem...

    Usually, home routers don't have remote administration turned on by default (all the Linksys, D-Link and other brands like this...)

    The real problem is that some ISPs are giving modems/routers with remote administration open and VERY WEAK passwords...

    This is the real problem...
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    According to this story, you can do a factory reset of the device.
     
  7. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    This is par for the course. Peeps want a computer without knowing anything about it. Without the internet, that poses no problem. When they want to attach to the rest of the world, but still don't want to know anything about a computer, now it poses a problem.

    Honestly, if peeps just understood that by being online it is like living in one large neighborhood, with both honest citizens and criminals. And that by them not taking the time to learn about their computers, it is like living in this neighborhood with no front door, or the door wide open 24/7. In real life I bet it would not be long before a criminal came in the house and did some criminalizing. Same way with the computer/internet. Those who don't want to learn enough to check their deadbolt, let alone close the door, are left wondering "Why is this happening". It is not the right question. The question is "Why do you wish to stay ignorant when you place yourself in a position where this is likely to happen?"

    IMO if you want to be connected to the world, you should either learn, know someone to take care of you, or just expect the eventual problem. It is only a matter of time. For those of the like that browse Wilders, they have made a choice to learn something. The time invested pays rich dividends in such simple cases as a router public password either being changed from default, or that feature turned off.

    And I have seen most every router I ever looked at have remote admin turned ON by default. We should also be shaming the manufacturers for such short-sightedness. The rule should have been, unless they know enough to actually manage a router, turn it off. If they know enough to manage it, they will know how to turn it on.

    Sul.
     
  8. guest

    guest Guest

    What kind of router are they?

    I believe you... But all the routers I tried (think of Linksys, D-Link...) have remote admin off by default...
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Many over the years. Linksys, D-Link, Belkin, Netgear, Buffalo... New ones, like my latest D-Link, it was off.

    Sul.
     
  10. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    So now to get away from malware:
    1. Wipe HDD
    2. Flash BIOS
    3. Reset Router
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,693
    Why do you need to do either one of those?
    Mrk
     