News Worm targets Linux routers

http://www.bit-tech.net/news/bits/2009/03/26/worm-targets-linux-routers/1

A new worm has been uncovered which targets routers based on the Linux operating system and makes them part of an IRC controlled botnet.

 

Props to them!

I wondered how long it'd be before this sort of thing turned up. It just shows how many people do nothing to secure their routers.

 

People who leave their router access on 'password' probably deserve all they get but its bad design for something to be brute force crackable (failed logins/min)

 

Does this however only infect routers which have net accessible Telnet/HTTP interfaces?

 

One more reason to always use HTTPS for your router logins. Although it won't help if the worm has infected my machine, I certainly won't have to worry about the other machines on the LAN.

As far as I remember from reading about it's method (once it's found a way in) the worm has to execute shell commands, therefore it would most-likely require a telnet/SSH interface, as well as a POSIX-compliant environment.

But hey, I've seen Belkin routers that this would probably work on.. And that's without having DD-WRT/Tomato installed.

 

I just bought a router and plan on putting tomato on it. I haven't even looked at it yet, What is the definition of a secure password? Just a combo of letters and numbers or something else?

 

Aww, now I can't simply log in using the default settings

 

I believe it.. 80,000 devices just makes me lol we live next to a school and when I do a check on wireless- I've come up with unsecured or using wep with open shares.. I dunno if it's a joke being played on someone or if majority of kids are really that bad with security

who runs a router default? probably everyone XD imagine a botnet like that- pure genius too bad he let the cat out of the bag

 

My house is vulnerable if I open the door and put out a welcome sign to any and all to come and take what they wish.

This is a misleading story. The open source firmware don't come with the door open. http://www.linuxtoday.com/it_management/2009032501835SCEMHW

At least one vendor was found that did at some point in time ship such "open door" products. http://www.linuxtoday.com/news_story.php3?ltsn=2009-03-25-018-35-SC-EM-HW-0003

Remember, even if you buy a strong fort that is locked, you can always open the door to make yourself vulnerable.

The good news is that this means that only a small fraction of users will be affected instead of almost everyone using that product.

I'm getting the feeling this was a research ploy from someone that feels threatened by the value proposition of FOSS.

 

This makes me glad I took the time to load up an old computer with PFsense. Free BSD on x86 hardware... none of that MIPS stuff here!

 

Nearly all routers are delivered with the administrator username as admin and the password as admin. It is the first thing I changed when I got my old router, now I have a Sky router, I need to change that 'password' to be something other than a very well known three letter word...

Talk about leaving yourself open...

Oh yes, if the Sky router gets infected with this and starts DDOSing other systems, Sky will cut you off and won't reconnect you until you have reformatted your computer hard drive... (as one of my work colleagues found out recently)

I wonder what they'll do if it is the router that is doing the dirty on the net?

Andy

 

Always use STRONG passwords. I set up a private FTP server on my computer running 24/7 and it didn't take long before douchebags tried to guess the passwords logging on as "Administrator". I don't even have an account named "Administrator". The FTP server also blocks brute-force attacks. I also run a Linksys router with DD-WRT, but I have a strong password for it and I only use SSH, I disabled the Telnet interface.

 

user error, the root of all evils

really, whoever doesn't change their router admin password is supposed to be infected. don't blame the smart guy who wrote the worm