Geekzone: technology news, blogs, forums


BDFL - Memuneh
61524 posts

Uber Geek
+1 received by user: 12243

Administrator
Trusted
Geekzone
Lifetime subscriber

Topic # 31615 24-Mar-2009 14:46

Reports are coming of a botnet worm that infects DSL modems and routers, including those running openwrt/dd-wrt:


- is the first botnet worm to target routers and DSL modems
- contains shellcode for many mipsel devices
- is not targeting PCs or servers
- uses multiple strategies for exploitation, including bruteforce username and password combinations
- harvests usernames and passwords through deep packet inspection
- can scan for exploitable phpMyAdmin and MySQL servers





mjb

922 posts

Ultimate Geek
+1 received by user: 21

Trusted

  Reply # 203032 24-Mar-2009 14:50

linky not good... :(




contentsofsignaturemaysettleduringshipping





8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 203070 24-Mar-2009 17:46

Hmm that's cheeky but I note it requires remote/wan side login/admin to be turned on. 

So basically don't let your router accept logins web/ssh/etc from anywhere outside your home network which is normally the default setting and use a strong password that can't be bruteforce/dictionary hacked.

397 posts

Ultimate Geek

Trusted

Reply # 203304 25-Mar-2009 17:35

This report http://apcmag.com/new-worm-can-infect-home-modemrouters.htm states that over 30 different Linksys models, 10 Netgear models, and a variety of other cable and DSL modems can be affected...




Cheers, Stevo

208 posts

Master Geek
+1 received by user: 1


  Reply # 203710 27-Mar-2009 12:55

Simple & effective solution for now would be to make use of strong username/password combination, & not allow for remote access other than over VPN.

Also, disable/remove stuff like wget & other mechanisms that would allow for the download of remote code.

http://www.bit-tech.net/news/bits/2009/03/26/worm-targets-linux-routers/1?tcs=nl
http://it.slashdot.org/article.pl?sid=09/03/23/2257252
http://dronebl.org/blog/8
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=49370&highlight=psyb0t

If the box was initially set up pretty securely, you should be OK.
Keep an eye out for upcoming updates.

- J




FLOSS'er
