Security researchers have discovered a worm that targets modems and routers rather than computers. According to the researchers, this is the first time malware has been found that targets these devices.
Researchers at DroneBL, which deals with the detection of infected computers, came across the program when they were hit by a DDoS attack. 'Psyb0t', as the worm is called, focuses on routers and modems that run mipsel Linux and have a telnet, ssh or http configuration interface. The worm tries a list of frequently used passwords to gain shell access. Once it has succeeded, it copies itself to the device and closes access to the configuration interface.
The worm can carry out DDoS attacks, search for vulnerable phpMyAdmin scripts and MySQL databases, and retrieve passwords using deep packet inspection. Because most users will not notice that their router or modem has become infected, the researchers consider the worm very dangerous. They expect more malware targeting routers in the future. Removing the worm from an infected device is simple, according to DroneBL: briefly cutting the power should be sufficient. To prevent new infections, it is recommended to install the latest firmware updates from the manufacturer and to use secure passwords.
Some characteristics of this botnet worm:
- It’s the first botnet worm to specifically target routers and DSL modems
- Contains shellcode for many mipsel devices
- It’s not targeting PCs or servers
- Uses multiple strategies for exploitation, including brute-force username and password combinations
- Harvests user names and passwords through deep packet inspection
- Can scan for exploitable phpMyAdmin and MySQL servers
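A defender-side way to spot the password-list logins described above, as an added example that is not part of the original article: it scans management-login records for a burst of failures from one source and reports whether a successful login followed. The log layout, the sample lines, the function name and the threshold and window values are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample; the "time service result user= src=" layout is an assumption.
SAMPLE_LOG = """\
2024-01-01T02:10:01 telnet FAIL user=admin src=203.0.113.7
2024-01-01T02:10:03 telnet FAIL user=admin src=203.0.113.7
2024-01-01T02:10:05 telnet FAIL user=root src=203.0.113.7
2024-01-01T02:10:08 ssh FAIL user=root src=203.0.113.7
2024-01-01T02:10:11 ssh FAIL user=support src=203.0.113.7
2024-01-01T02:10:14 ssh OK user=root src=203.0.113.7
2024-01-01T08:00:00 http FAIL user=admin src=198.51.100.20
2024-01-01T08:00:20 http OK user=admin src=198.51.100.20
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<svc>telnet|ssh|http) (?P<res>FAIL|OK) "
                     r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def find_password_guessing(log_text, threshold=5, window=timedelta(minutes=2)):
    """Flag sources with >= threshold failed logins inside one sliding window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines in any other format are ignored
            ts = datetime.fromisoformat(m["ts"])
            events[m["src"]].append((ts, m["res"], m["user"], m["svc"]))
    findings = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e[0])
        fails = [e for e in evs if e[1] == "FAIL"]
        start, peak, hit = 0, 0, None
        for end, fail in enumerate(fails):
            while fail[0] - fails[start][0] > window:
                start += 1  # drop failures that fell out of the window
            peak = max(peak, end - start + 1)
            if hit is None and peak >= threshold:
                hit = fail[0]  # moment the burst crossed the threshold
        if hit is not None:
            findings[src] = {
                "peak_failures": peak,
                "users": sorted({e[2] for e in fails}),
                "services": sorted({e[3] for e in fails}),
                # A successful login after the burst suggests a guessed password.
                "login_after_burst": any(e[1] == "OK" and e[0] >= hit for e in evs),
            }
    return findings

if __name__ == "__main__":
    print(find_password_guessing(SAMPLE_LOG))
```

A source that mistypes a password once and then logs in, like the second one in the sample, stays below the threshold and is not reported.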