NEWS: Worm breeds botnet from home routers, modems

Security researchers have identified a sophisticated piece of malware that corrals consumer routers and DSL modems into a lethal botnet.

The "psyb0t" worm is believed to be the first piece of malware to target home networking gear, according to researchers from DroneBL, which bills itself as a real-time monitor of abusable internet addresses. It has already infiltrated an estimated 100,000 hosts. It has been used to carry out DDoS, or distributed denial of service, attacks and is also believed to use deep-packet inspection to harvest user names and passwords.

[MORE]
Reply to
John Navas

Wonderful. 100K hosts that have weak telnet and/or SSH logins.

More:

Reading between the lines, if you can't connect to your router via HTTP, telnet, or SSH any more, your router is probably infected, as the worm blocks ports 22, 23 and 80 after it's run.

Hmmm... "Asked about the origin of the work he says that several traces point to Australia as being the country of origin..." First the CSIRO patent suit against Buffalo, now this.

Reply to
Jeff Liebermann
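
The symptom mentioned in the post above (a router that no longer answers on ports 22, 23 and 80) can be checked from the LAN side by comparing the current state of those ports with what was reachable before. This is an added example, not part of the thread; the router address and the baseline set of previously open ports are assumptions you supply.

```python
import socket

# Management ports the post says the worm blocks once it has run.
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http"}

def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable-host errors
        return "filtered"

def assess(baseline_open, current):
    """Compare ports that used to be open with the current probe results.

    Returns (verdict, lost_ports). 'suspect' means every management port
    that used to answer has stopped answering, which matches the symptom
    in the post; 'changed' means only some of them have.
    """
    lost = sorted(p for p in baseline_open if current.get(p) != "open")
    if not baseline_open:
        return "no-baseline", lost
    if len(lost) == len(baseline_open):
        return "suspect", lost
    if lost:
        return "changed", lost
    return "ok", lost

def check_router(host, baseline_open, ports=MGMT_PORTS, timeout=2.0):
    """Probe each management port and assess the result against the baseline."""
    current = {p: probe(host, p, timeout) for p in ports}
    verdict, lost = assess(baseline_open, current)
    return verdict, lost, current

if __name__ == "__main__":
    # Placeholder address and baseline: telnet and the web UI used to answer.
    print(check_router("192.168.1.1", baseline_open={23, 80}))
```

A "suspect" verdict only says the ports that used to answer no longer do; a changed configuration or a firewall rule gives the same result.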

Jeff Liebermann wrote in news: snipped-for-privacy@4ax.com:

Yeah...not a big deal IMO. All consumer rtrs have admin from the WAN side disabled by default.

I don't believe that *any* attack that uses a brute force dictionary method to gain access to a device is a 'real' security issue, as far as the device itself is concerned. That IS a user problem.

Reply to
DanS

I had wondered why the DoS attacks on the WAN side of my router had increased. If you have management on this interface and a weak password you DESERVE to be breached.

Reply to
TheDragon

"TheDragon" wrote in news: snipped-for-privacy@mid.individual.net:

Yeah, there was a discussion in another group, someone trying to prove that Linux was just as insecure as an OS as Windows. He posted an article that listed 4 common 'exploits' on Linux systems.

Of course, all four of the 'exploits' were based on the same brute-force dictionary attacks of an internet-facing service of some kind. Again, IMO, not a security issue, a user issue.

Reply to
DanS
