Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsLAN (ethernet/Wifi/routers/Bluetooth)Botnet targets openwrt/dd-wrt devices
freitasm

BDFL - Memuneh
79306 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#31615 24-Mar-2009 14:46
Send private message

Reports are coming of a botnet worm that infects DSL modems and routers, including those running openwrt/dd-wrt:


- is the first botnet worm to target routers and DSL modems
- contains shellcode for many mipsel devices
- is not targeting PCs or servers
- uses multiple strategies for exploitation, including bruteforce username and password combinations - harvests usernames and passwords through deep packet inspection
- can scan for exploitable phpMyAdmin and MySQL servers




Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync 

Create new topic

mjb

mjb
996 posts

Ultimate Geek

Trusted

  #203032 24-Mar-2009 14:50
Send private message

linky not good... :(




contentsofsignaturemaysettleduringshipping



freitasm

BDFL - Memuneh
79306 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

#203034 24-Mar-2009 14:52
Send private message

mjb: linky not good... :(



Linky thing fixed by the LinkMeister now...




Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync 

Ragnor
8223 posts

Uber Geek

Trusted

  #203070 24-Mar-2009 17:46
Send private message

Hmm that's cheeky but I note it requires remote/wan side login/admin to be turned on. 

So basically don't let your router accept logins web/ssh/etc from anywhere outside your home network which is normally the default setting and use a strong password that can't be bruteforce/dictionary hacked.



stevonz
397 posts

Ultimate Geek

Trusted

#203304 25-Mar-2009 17:35
Send private message

This report http://apcmag.com/new-worm-can-infect-home-modemrouters.htm states that over 30 different Linksys models, 10 Netgear models, and a variety of other cable and DSL modems can be affected...




Cheers, Stevo

freakalad
231 posts

Master Geek


  #203710 27-Mar-2009 12:55
Send private message

Simple & effective solution for now would be to make use of strong username/password combination, & not allow for remote access other than over VPN.

Aslo, disable/remove stuff like wget & other mechanisms that would allow for the download of remote code.

http://www.bit-tech.net/news/bits/2009/03/26/worm-targets-linux-routers/1?tcs=nl
http://it.slashdot.org/article.pl?sid=09/03/23/2257252
http://dronebl.org/blog/8
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=49370&highlight=psyb0t

If the box was initally set up retty securly, you should be OK.
Keep an eye out for upcoming updates

- J




FLOSS'er, aspiring Maker

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright