
News Worm targets Linux routers

Discussion in 'Article Discussion' started by CardJoe, 26 Mar 2009.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
  2. K.I.T.T.

    K.I.T.T. Hasselhoff™ Inside

    Joined:
    1 Jan 2005
    Posts:
    624
    Likes Received:
    1
    Props to them!

    I wondered how long it'd be before this sort of thing turned up. It just shows how many people do nothing to secure their routers.
     
  3. p3n

    p3n What's a Dremel?

    Joined:
    31 Jan 2002
    Posts:
    778
    Likes Received:
    1
    People who leave their router access on 'password' probably deserve all they get, but it's bad design for something to be brute-force crackable (failed logins/min).
     
  4. BioSniper

    BioSniper Minimodder

    Joined:
    5 Feb 2002
    Posts:
    3,815
    Likes Received:
    18
    Does this however only infect routers which have net accessible Telnet/HTTP interfaces?
     
  5. TomH

    TomH BELTALOWDA!

    Joined:
    28 Nov 2002
    Posts:
    837
    Likes Received:
    45
    One more reason to always use HTTPS for your router logins. Although it won't help if the worm has infected my machine, I certainly won't have to worry about the other machines on the LAN.

    As far as I remember from reading about its method (once it's found a way in), the worm has to execute shell commands, therefore it would most likely require a telnet/SSH interface, as well as a POSIX-compliant environment.

    But hey, I've seen Belkin routers that this would probably work on.. And that's without having DD-WRT/Tomato installed.
     
  6. chrisb2e9

    chrisb2e9 Dont do that...

    Joined:
    18 Jun 2007
    Posts:
    4,061
    Likes Received:
    46
    I just bought a router and plan on putting Tomato on it. I haven't even looked at it yet. What is the definition of a secure password? Just a combo of letters and numbers or something else?
     
  7. Project_Nightmare

    Project_Nightmare What's a Dremel?

    Joined:
    14 Oct 2006
    Posts:
    54
    Likes Received:
    0
    Aww, now I can't simply log in using the default settings :(
     
  8. thehippoz

    thehippoz What's a Dremel?

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    I believe it.. 80,000 devices just makes me lol we live next to a school and when I do a check on wireless- I've come up with unsecured or using wep with open shares.. I dunno if it's a joke being played on someone or if majority of kids are really that bad with security

    who runs a router default? probably everyone XD imagine a botnet like that- pure genius too bad he let the cat out of the bag
     
  9. Jose_X

    Jose_X What's a Dremel?

    Joined:
    26 Mar 2009
    Posts:
    1
    Likes Received:
    0
    My house is vulnerable if I open the door and put out a welcome sign to any and all to come and take what they wish.

    This is a misleading story. The open source firmware doesn't come with the door open. http://www.linuxtoday.com/it_management/2009032501835SCEMHW

    At least one vendor was found that did at some point in time ship such "open door" products. http://www.linuxtoday.com/news_story.php3?ltsn=2009-03-25-018-35-SC-EM-HW-0003

    Remember, even if you buy a strong fort that is locked, you can always open the door to make yourself vulnerable.

    The good news is that this means that only a small fraction of users will be affected instead of almost everyone using that product.

    I'm getting the feeling this was a research ploy from someone that feels threatened by the value proposition of FOSS.
     
  10. myhottrashcan

    myhottrashcan Just some guy

    Joined:
    25 Oct 2006
    Posts:
    12
    Likes Received:
    0
    This makes me glad I took the time to load up an old computer with pfSense. FreeBSD on x86 hardware... none of that MIPS stuff here!
     
  11. Shielder

    Shielder Live long & prosper!

    Joined:
    26 Jul 2007
    Posts:
    596
    Likes Received:
    0
    Nearly all routers are delivered with the administrator username as admin and the password as admin. It is the first thing I changed when I got my old router. Now I have a Sky router, I need to change that 'password' to be something other than a very well known three letter word...

    Talk about leaving yourself open...

    Oh yes, if the Sky router gets infected with this and starts DDoSing other systems, Sky will cut you off and won't reconnect you until you have reformatted your computer hard drive... (as one of my work colleagues found out recently)

    I wonder what they'll do if it is the router that is doing the dirty on the net?

    Andy
     
  12. Saivert

    Saivert Minimodder

    Joined:
    26 Mar 2005
    Posts:
    390
    Likes Received:
    1
    Always use STRONG passwords. I set up a private FTP server on my computer running 24/7 and it didn't take long before douchebags tried to guess the passwords logging on as "Administrator". I don't even have an account named "Administrator". The FTP server also blocks brute-force attacks. I also run a Linksys router with DD-WRT, but I have a strong password for it and I only use SSH, I disabled the Telnet interface.
     
  13. wyx087

    wyx087 Multimodder

    Joined:
    15 Aug 2007
    Posts:
    12,097
    Likes Received:
    758
    user error, the root of all evils

    really, whoever doesn't change their router admin password is supposed to be infected. don't blame the smart guy who wrote the worm
     