Botnet worm targeting routers and DSL modems - 100,000 infected so far

From http://blogs.zdnet.com/security/?p=2972:

 

Thanks for the article.

It's amazing how many people do not change the default username/password that comes with the router/modem, or else use a weak password.

There was an article about this sometime ago, but I can't locate it at the moment.

----
rich

 

its a clever idea since most people do use the default username and password for it and never think to check their router.

what is the sergested way to get rid of it?
flash firmware?

how many people are acually gonna check there router and flash in just incase?
the adverage user wont know how to and wont suspect their router to be infected.

 

You're welcome. This particular worm targets only those routers and modems that have their management interface accessible from the Internet. I believe that malware already on a local machine will in the future more often try to alter modems and routers so as to remain even if the machine's malware is cleaned.

 

This is a really big problem...

Usually, home routers doesn't have remote administration turned on by default (all the linksys, dlink and other brands like this...)

The real problem is that some isp are giving modems/routers with remote administration open and VERY WEAK passwords...

This is the real problem...

 

According to this story, you can do a factory reset of the device.

 

This is par for the course. Peeps want a computer without knowing anything about it. Without the internet, that poses no problem. When they want to attach to the rest of the world, but still don't want to know anything about a computer, now it poses a problem.

Honestly, if peeps just understood that by being online it is like living in one large neighborhood, with both honest citizens and criminals. And that by them not taking the time to learn about thier computers, it is like living in this neighborhood with no front door, or the door wide open 24/7. In real life I bet it would not be long before a criminal came in the house and did some criminalizing. Same way with the computer/internet. Those who don't want to learn enough to check thier deadbolt, let alone close the door, are left wondering "Why is this happening". It is not the right question. The question is "Why do you wish to stay ignorant when you place yourself in a position where this is likely to happen?"

IMO if you want to be connected to the world, you should either learn, know someone to take care of you, or just expect the eventual problem. It is only a matter of time. For those of the like that browse Wilders, they have made a choise to learn something. The time invested pays rich dividends in such simple cases as a router public password either being changed from default, or that feature turned off.

And I have seen most every router I ever looked at have remote admin turned ON by default. We should also be shaming the manufacturers for such short-sightedness. The rule should have been, unless they know enough to actually manage a router, turn it off. If they know enough to manage it, they will know how to turn it on.

Sul.

 

What kind of router are they?

I believe you... But all the routers I tried (think of linksys, dlink...) have remote admin off by default...

 

Many over the years. Linksys,Dlink,Belkin,Netgear,Buffalo... new ones like my latest dlink it was off.

Sul.

 

So now to get away from malware:

1. Wipe HDD
2. Flash BIOS
3. Reset Router

 

Why do you need to do either one of those?
Mrk