Fundamentally, you can't fool Mother Nature in computers, either - Andy Grove - Only the Paranoid Survive
A worm is targeting embedded Linux devices used as DSL modems and routers. Mipsel-based OpenWrt/DD-WRT gear with SSH, Telnet, or Web-based interfaces available to the WAN has all been hit.
Psyb0t has been around for a while but lately it has changed its tactics and is hitting Linux hardware.
Netcomm's MB5 ADSL modem has been hit, and modem brands in Italy, Brazil, Ecuador, Russia, Ukraine, Turkey, Peru, Malaysia, Colombia, India, and Egypt were suspect as well.
According to the DroneBL blog: "Ninety per cent of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots."
DroneBL has noticed that the botnet that the worm has created is 100,000 strong.
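The article's exposure condition is a device whose SSH, Telnet, or Web interface is reachable from the WAN. As an added example (not from the article or from DroneBL), this shell function reads /proc/net/tcp-format input and reports which of those three services are listening and on what address; the names audit_listeners and sample_proc_net_tcp are hypothetical and the sample table is constructed.

```shell
#!/bin/sh
# Added example: flag SSH/Telnet/HTTP listeners from /proc/net/tcp-format input.
# audit_listeners and sample_proc_net_tcp are hypothetical names.

audit_listeners() {
    awk '
    function hex2dec(h,    i, n) {          # portable: no strtonum needed
        h = toupper(h); n = 0
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
        return n
    }
    NR == 1     { next }                    # column header
    $4 != "0A"  { next }                    # keep only sockets in LISTEN state
    {
        split($2, a, ":")                   # local_address is HEXIP:HEXPORT
        port = hex2dec(a[2])
        if (port != 22 && port != 23 && port != 80) next
        name = (port == 22) ? "ssh" : (port == 23) ? "telnet" : "http"
        if (a[1] == "00000000")
            scope = "all-interfaces"        # wildcard bind: WAN too unless firewalled
        else if (a[1] == "0100007F" || a[1] == "7F000001")
            scope = "loopback"              # 127.0.0.1, little/big-endian dump
        else
            scope = "bound:" a[1]           # one address, shown as raw hex
        print name, port, scope
    }' "${1:-/proc/net/tcp}"
}

# Constructed sample input (not captured from a real device).
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 0101A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202 1
   2: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1203 1
   3: 00000000:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1204 1
   4: 0101A8C0:0017 6401A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1205 1
EOF
}

sample_proc_net_tcp | audit_listeners -
```

Called with no argument on a device, audit_listeners reads the live /proc/net/tcp; IPv6 listeners live in /proc/net/tcp6 and are not covered here.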
Because if it's something else it will get hacked into.
Monowall for life.
Yeah it never made sense to me as to why use embedded Linux when the BSD license is way better.
man, they missed a golden opportunity at expanding their botnet by not making the worm also support routers with ARM chips... I bought last year in December a sweex LW300 ( www.sweex.com/LW300 ) wireless-n router and found that it comes with an open-root telnet shell terminal (accessible from the internal network) that cannot be secured at all with a password even if you configure one for the web interface. I returned that *thing* to the store the next day and got another brand instead.
I got in touch with the guys at sweex and a guy named Tim van Wegberg (tim at sweexdotcom) replied to me that (quote from his message) "There is no new firmware available for this router because there are no known severe issues with the current firmware."
telnet with open root shell access available to anyone on the internal network (including open wireless if so configured) is not a severe issue? ROFLMAO.
and for reference, here's some info on the router:
kernel build id:
Linux (none) 2.6.17 #832 Tue Dec 4 15:39:35 CST 2007 armv5tejl unknown
and the contents of /proc/cpuinfo
Processor : ARM926EJ-Sid(wb) rev 5 (v5l)
BogoMIPS : 285.90
Features : swp half fastmult edsp java
CPU implementer : 0x41
CPU architecture: 5TEJ
CPU variant : 0x0
CPU part : 0x926
CPU revision : 5
Cache type : write-back
Cache clean : cp15 c7 ops
Cache lockdown : format C
Cache format : Harvard
I size : 16384
I assoc : 4
I line length : 32
I sets : 128
D size : 16384
D assoc : 4
D line length : 32
D sets : 128
Hardware : 5VT13XX