Botnet Worm Targets DSL Modems and Routers

[Maximus()]

Security researchers have discovered a worm program that does not address computers, but modems and routers. According to the researchers is the first time that malware has been found that these dir devices.

Researchers DroneBL, which deals with the detection of infected computers, the program was on track when they were hit by a DDoS attack. 'Psyb0t' as the worm is called, focuses on routers and modems that mipsel-linux and telnet, ssh or http configuration. The worm tries a list of frequently used passwords to shell access. Is it once did, then it copies itself to the device and close access to the configuration interface.

The worm can ddos-attacks, searching for vulnerable phpMyAdmin scripts and MySQL databases and retrieve passwords using deep packet inspection. Because most users will not notice that their router or modem has become infected, the researchers consider the worm as very dangerous. They expect more in the future malware that is targeting routers. Removing the worm from an infected device is simply DroneBL: briefly shut down the flow should be sufficient. To prevent new infections, it is recommended that the latest firmware updates from the manufacturer to install and secure passwords to use.

Some characteristics of these Botnet Worm:

• It’s the first botnet worm to specifically target routers and DSL modems
• Contains shellcode for many mipsel devices
• It’s not targeting PCs or servers
• Uses multiple strategies for exploitation, including brute-force username and password combinations
• Harvests user names and passwords through deep packet inspection
• can scan for exploitable phpMyAdmin and MySQL servers

[Kanga]

In any (automatic) firmware upgrade to the Livebox Orange / wanadoo reset the password again. I got it after xx number of times specified for a password on it.

[ArtisticVisions]

The router manufacturers can also help to increase safety concerns. Set example (default settings) everything. And while the default password is not adjusted just not connect up.

Some very simple solutions and are so many problems such as unsecured WiFi connections, use of default passwords, admin remote access, etc.

In addition, I find that a user may be provider expect (even demand) that it is a modem / router which will correct, and no further configuration is safe.

[PreatORiAn]

Problem is that the modems should be as user friendly. If your default everything off as UPnP Precautionary many normal users do not do more than just the Internet.

Most reliable, a hardware security. a switch that shut down some lines so that only the ROM can be read but not described.

the line between user friendly and not so thin.

[Rasdasa]

Most users do not even know that it is possible to do something on a modem or router. And that will not see the danger. Furthermore, most people do not know how a router should update.

I would not even know if there is an update for my router default provider exists.

Now I realize I've just posted to me that my router has been updated several times by the provider. Includes 1 time without that I knew from there. Who is now responsible if my router is hacked?