As reported yesterday in The Register, the “psyb0t” worm targets home routers and modems and may be the first piece of malware to do so. Researchers from DroneBL, a real-time tracker of abusable IPs, say that as of March 22, 100,000 hosts had been infected.
Whether or not your equipment is vulnerable depends on three things:
- Your device is a mipsel device (MIPS running in little-endian mode, which is what the worm is compiled for).
- Your device also has telnet, SSH or web-based interfaces available to the WAN, and
- Your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.
“This technique is one to be extremely concerned about,” the researchers say, “because most end users will not know their network has been hacked, or that their router is exploited. This means that in the future, this could be an attack vector for the theft of personally identifying information.”
If you believe your equipment is vulnerable or has been compromised, you should immediately take the following actions:
- Power cycle your router.
- Disable WAN-facing telnet, SSH or web-based configuration interfaces.
- Change the passwords to something unguessable (see this article).
- Upgrade to the latest firmware.
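
One way to confirm that the WAN-facing interfaces really are closed after the steps above, as an added example that is not part of the original article. Run it from a host outside your LAN against your own router's WAN address, since a check from inside usually reaches the LAN-side interface instead. The port numbers are common defaults and an assumption, and the function names are hypothetical.

```python
"""Check whether a router's management services answer on its WAN address."""
import socket
import sys

# Default ports for the interfaces the article names (assumption: your
# firmware may use others, e.g. 8080 for remote web administration).
MGMT_PORTS = {"telnet": 23, "ssh": 22, "http": 80, "https": 443}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: service is reachable
    except ConnectionRefusedError:
        return "closed"            # host answered with a reset
    except OSError:
        return "filtered"          # timeout or unreachable: no answer at all


def exposed_services(host, ports=MGMT_PORTS, timeout=3.0):
    """Return the sorted names of management services reachable on host."""
    return sorted(name for name, port in ports.items()
                  if probe(host, port, timeout) == "open")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wan_check.py <your-router-WAN-address>")
    found = exposed_services(sys.argv[1])
    if found:
        print("Reachable from the WAN side:", ", ".join(found))
        sys.exit(1)
    print("No telnet, SSH or web interface answered.")
```

Any service the script lists is one of the interfaces named in the second vulnerability condition and should be disabled in the router's remote-management settings.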