TweakTown

New Virus Targets DSL Modems and Routers

MIPS Based Hardware with weak passwords at risk

Posted: Mar 25, 2009 2:40 pm

There is some scary security news out today, as reports of a botnet built from DSL and cable hardware routers hit the Internet.

DroneBL reports a new exploit through which MIPS-based routers and their Linux-based embedded operating systems are being systematically turned into bots. The attack inserts code packed with a modified UPX packer (to get past deep-scanning antivirus applications) and uses a form of brute-force attack on usernames and passwords.

DroneBL states that not all hardware routers are susceptible to this attack. It seems to be mainly ones that keep the default username and password and allow remote management or remote SSH (from outside the internal network). An indication of infection is the blocking of ports 22, 23 and 80.

A quick way to rid yourself of this infection, if you have it, is to reset the device to factory defaults and update to the latest firmware. After doing this, change your default admin and user passwords and make sure that Remote Management is disabled.

Read more here

You are only vulnerable if:

Your device is a mipsel (MIPS running in little-endian mode, this is what the worm is compiled for) device.

Your device also has telnet, SSH or web-based interfaces available to the WAN, and your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.

As such, 90% of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots.

Any device that meets the above criteria is vulnerable, including those built on custom firmware such as OpenWRT and DD-WRT. If the above criteria is not met, then the device is NOT vulnerable.
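The two machine-checkable criteria above (a mipsel device, and telnet, SSH or web management reachable from the WAN) can be tested on your own router from two artifacts copied off it: the first bytes of any binary such as /bin/busybox, and the contents of /proc/net/tcp. The following is an added example, not code from this article or from DroneBL; the function names, the sample data and the WAN address 203.0.113.7 (a documentation address) are assumptions made for illustration.

```python
import struct

MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http"}  # services named in the article
EM_MIPS, ELFDATA2LSB, TCP_LISTEN = 8, 1, "0A"       # ELF and kernel constants

def is_mipsel(elf_header: bytes) -> bool:
    """True if an ELF header (first 20 bytes of a binary) is little-endian MIPS."""
    if len(elf_header) < 20 or elf_header[:4] != b"\x7fELF":
        return False
    if elf_header[5] != ELFDATA2LSB:                  # e_ident[EI_DATA]
        return False
    return struct.unpack_from("<H", elf_header, 18)[0] == EM_MIPS  # e_machine

def wan_listeners(proc_net_tcp: str, wan_ip: str):
    """Management-port LISTEN sockets bound to all interfaces or to the WAN address.
    Assumes the text came from a little-endian device; firewall rules are not considered."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:        # skip the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is printed as a host-order word, so the bytes read reversed.
        ip = ".".join(str(b) for b in reversed(bytes.fromhex(hex_ip)))
        port = int(hex_port, 16)
        if port in MGMT_PORTS and ip in ("0.0.0.0", wan_ip):
            found.append((ip, port, MGMT_PORTS[port]))
    return found

def needs_review(elf_header: bytes, proc_net_tcp: str, wan_ip: str) -> bool:
    """Both machine-checkable criteria hold; password strength still needs a manual check."""
    return is_mipsel(elf_header) and bool(wan_listeners(proc_net_tcp, wan_ip))

# Constructed sample data (not captured from a real device).
SAMPLE_ELF = b"\x7fELF\x01\x01\x01\x00" + bytes(8) + struct.pack("<HH", 2, EM_MIPS)
SAMPLE_TCP = """\
  sl  local_address rem_address   st
   0: 00000000:0017 00000000:0000 0A
   1: 0101A8C0:0050 00000000:0000 0A
   2: 00000000:0016 00000000:0000 0A
   3: 0101A8C0:0050 0201A8C0:C001 01
"""

if __name__ == "__main__":
    print(is_mipsel(SAMPLE_ELF), wan_listeners(SAMPLE_TCP, "203.0.113.7"))
```

In the sample, the web interface is bound only to 192.168.1.1 and is not reported, while telnet and SSH listen on every interface and are.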

 
