TweakTown

New Virus Targets DSL Modems and Routers

MIPS Based Hardware with weak passwords at risk

Posted: Mar 25, 2009 2:40 pm

There is some scary security news out today, as reports of a botnet built from DSL and cable hardware routers hit the Internet.

DroneBL reports that a new exploit is targeting MIPS-based routers and their embedded Linux operating systems, systematically turning them into bots. The attack inserts code packed with a modified UPX packer (to get past deep-scanning antivirus applications) and uses a form of brute-force attack on usernames and passwords.

DroneBL states that not all hardware routers are susceptible to this attack. It seems to be mainly ones that keep the default username and password and allow remote management or remote SSH (from outside the internal network). An indication of infection is the blocking of ports 22, 23 and 80.

A quick way to rid yourself of this infection, if you have it, is to reset to factory defaults and update to the latest firmware. After doing this, change your default admin and user passwords and make sure that Remote Management is disabled.

Read more here

You are only vulnerable if:

Your device is a mipsel (MIPS running in little-endian mode, this is what the worm is compiled for) device.

Your device also has telnet, SSH or web-based interfaces available to the WAN, and your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.

As such, 90% of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots.

Any device that meets the above criteria is vulnerable, including those built on custom firmware such as OpenWRT and DD-WRT. If the above criteria are not met, then the device is NOT vulnerable.
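One way to check the first criterion above (whether a device is mipsel) is to read the ELF header of any binary taken from its firmware. This is an added example, not code from DroneBL or from this article; the function names and the sample headers are constructed for illustration.

```python
import struct

EM_MIPS = 8        # e_machine value assigned to MIPS in the ELF specification
ELFDATA2LSB = 1    # e_ident[EI_DATA]: little-endian
ELFDATA2MSB = 2    # e_ident[EI_DATA]: big-endian


def elf_arch(header: bytes):
    """Return (e_machine, 'little' | 'big') from the first 20 bytes of an ELF file.

    Raises ValueError if the input is not a well-formed ELF header.
    """
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    data = header[5]                      # EI_DATA byte
    if data == ELFDATA2LSB:
        order, fmt = "little", "<H"
    elif data == ELFDATA2MSB:
        order, fmt = "big", ">H"
    else:
        raise ValueError("invalid EI_DATA byte")
    # e_machine sits at offset 18 in both ELF32 and ELF64 and is stored
    # in the file's own byte order.
    (machine,) = struct.unpack_from(fmt, header, 18)
    return machine, order


def is_mipsel(header: bytes) -> bool:
    """True only for MIPS binaries built little-endian (mipsel)."""
    machine, order = elf_arch(header)
    return machine == EM_MIPS and order == "little"


def _sample(data: int, machine: int) -> bytes:
    """Build a constructed 24-byte ELF32 header (sample data, not a real binary)."""
    ident = b"\x7fELF" + bytes([1, data, 1]) + bytes(9)  # class=ELF32, version=1
    fmt = "<HHI" if data == ELFDATA2LSB else ">HHI"
    return ident + struct.pack(fmt, 2, machine, 1)       # e_type=EXEC, e_version=1


SAMPLES = {
    "mipsel": _sample(ELFDATA2LSB, EM_MIPS),
    "mips (big-endian)": _sample(ELFDATA2MSB, EM_MIPS),
    "arm": _sample(ELFDATA2LSB, 40),                     # EM_ARM = 40
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(f"{name:18} mipsel={is_mipsel(hdr)}")
```

On a real device, pass the first 20 bytes of a binary extracted from the firmware image instead of the constructed samples. Architecture is only the first criterion; exposure of telnet, SSH or the web interface to the WAN still has to be checked separately.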

 
