Security Corner

Mar 25 2009   1:49PM GMT

Worm Targets Home Networking Equipment

Ken Harthun Ken Harthun Profile: Ken Harthun

As reported yesterday in The Register, the “psyb0t” worm targets home routers and modems and may be the first piece of malware to do so. Researchers from DroneBL, a real-time tracker of abusable IPs, say that as of March 22 100,000 hosts had been infected.

Whether or not your equipment is vulnerable depends on three things:

  • Your device is a mipsel (MIPS running in little-endian mode, this is what the worm is compiled for) device.
  • Your device also has telnet, SSH or web-based interfaces available to the WAN, and
  • Your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.

“This technique is one to be extremely concerned about,” the researchers say, “because most end users will not know their network has been hacked, or that their router is exploited. This means that in the future, this could be an attack vector for the theft of personally identifying information.”

If you believe your equipment is vulnerable or has been compromised, you should immediately take the following actions:

  1. Power cycle your router.
  2. Disable WAN-facing telnet, SSH or web-based configuration interfaces.
  3. Change the passwords to something unguessable (see this article).
  4. Upgrade to the latest firmware.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: