Posted: 24th Mar, 2009 By: MarkJ
Anti-Virus firms have issued warnings about a new self-replicating computer program (worm) known as
Psyb0t, which has the unusual ability to turn home broadband routers and certain ADSL modems into
a botnet. Such botnets are generally malicious and can be used to propagate a virus, distribute spam, attack other systems (DDoS) and/or steal your personal data.
The worm itself goes straight for the router and attempts to gain access using a combination of brute-force username/password attempts and usernames and passwords harvested through deep packet inspection (DPI); it can also scan for vulnerable phpMyAdmin and MySQL servers on the network. The DroneBL advisory (linked below) sets out the conditions for infection as follows:
You are only vulnerable if:
• Your device is a mipsel device [some flavours of embedded linux].
• Your device has telnet, SSH or web-based interfaces available to the WAN.
• Your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.
As such, 90% of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots.
Any device that meets the above criteria is vulnerable, including those built on custom firmware such as OpenWRT and DD-WRT. If the above criteria are not met, then the device is NOT vulnerable.
Further details: http://www.dronebl.org/blog/8

It's understood that up to 100,000 routers could have been infected by the worm. As part of the infection process it also blocks ports 22 (SSH), 23 (telnet) and 80 (HTTP, i.e. the router's web interface), which locks the owner out of the router's own management interfaces. Those who suspect their router has been compromised should perform a HARD RESET (a factory reset, usually via the reset button) to get rid of the rootkit. This is not to be confused with a soft reset or reboot (consult your manual). Given the conditions listed above, once the router is back at factory settings you should also set a strong, non-default administrator password and make sure telnet, SSH and the web interface are not reachable from the WAN, otherwise the device can simply be reinfected.
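As an added example (not part of the original article or of the DroneBL advisory), the following Python script checks the one infection condition quoted above that a router owner can actually test from outside: whether telnet, SSH or the web interface answer on a given address, and what banner they return. Run it against the router's public (WAN) address from a host outside your own network, before and after the hard reset; run with no argument, it demonstrates itself against a constructed fake telnet listener on loopback. The port table, the fake banner and all function names are assumptions of this example, not anything from the advisory.

```python
import socket
import sys
import threading

# Management services named in the DroneBL advisory quoted above.
MANAGEMENT_PORTS = {"ssh": 22, "telnet": 23, "http": 80}


def probe_port(host, port, timeout=2.0):
    """TCP-connect to host:port and read up to 256 bytes of banner.

    Returns (is_open, banner). Reads until the peer closes, 256 bytes arrive
    or the timeout expires. A login prompt or HTTP reply coming back from a
    non-LAN address is exactly the WAN exposure the advisory warns about.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            chunks, total = [], 0
            try:
                while total < 256:
                    data = s.recv(256 - total)
                    if not data:
                        break
                    chunks.append(data)
                    total += len(data)
            except socket.timeout:
                pass  # silent daemon (e.g. HTTP waiting for a request): still open
            banner = b"".join(chunks).decode("ascii", "replace").strip()
            return True, banner
    except OSError:
        return False, ""


def probe_management_ports(host, ports=None, timeout=2.0):
    """Probe each named service on host.

    Returns {name: {"port": int, "open": bool, "banner": str}}.
    """
    ports = ports or MANAGEMENT_PORTS
    report = {}
    for name, port in ports.items():
        is_open, banner = probe_port(host, port, timeout)
        report[name] = {"port": port, "open": is_open, "banner": banner}
    return report


def exposed_services(report):
    """Names of services that answered. Non-empty when probed from outside
    the LAN means the device fails the 'not available to the WAN' condition."""
    return sorted(name for name, r in report.items() if r["open"])


def _fake_telnet_listener():
    """Constructed stand-in for a router telnet daemon (not a real device):
    binds an ephemeral loopback port, sends a login prompt to the first
    connection, then closes. Returns the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"\r\nrouter login: ")  # constructed banner
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def _unused_loopback_port():
    """Pick a loopback port nothing listens on (bind, read back, release)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def demo():
    """Offline demonstration: one constructed telnet port that answers and
    one closed port standing in for SSH. Returns the exposure report."""
    ports = {"telnet": _fake_telnet_listener(), "ssh": _unused_loopback_port()}
    return probe_management_ports("127.0.0.1", ports, timeout=3.0)


if __name__ == "__main__":
    report = probe_management_ports(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, r in report.items():
        state = "OPEN" if r["open"] else "closed"
        print(f"{name:6s} port {r['port']:<5d} {state:6s} {r['banner']!r}")
    print("exposed management services:", exposed_services(report) or "none")
```

A closed or filtered port from outside is what you want to see; an open port that answers with a login prompt means the router still meets the second condition in the advisory, whatever password it has. Note that after an infection the worm itself blocks 22, 23 and 80, so "closed" on a suspect device is not proof of health; the hard reset is still the fix.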