All the latest UK technology news, reviews and analysis
|
|
|
24 Mar 2009
Researchers are warning of a new worm that targets DSL routers running a distribution of Linux.
The psyb0t worm appears to have been in circulation since the start of the year, and targets routers running Mipsel, a form of the Debian Linux distribution designed for MIPS processors.
The worm is believed to be the first of its kind, and the researchers at DroneBL estimate that it may have infiltrated as many as 100,000 routers.
Psyb0t uses a brute force dictionary attack against the router to obtain username and passwords. This shows that the exploitation is not an attack on the flaw in the operating system itself, but against poor user security.
"Ninety per cent of the routers and modems participating in this botnet are participating due to user error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots," said a posting on the DroneBL blog.
"Any device that meets the above criteria is vulnerable, including those built on custom firmware such as OpenWRT and DD-WRT. If the above criteria are not met, then the device is NOT vulnerable."
Once installed, psyb0t allows remote control of the router, and infected hardware has already been used to take part in botnet attacks. It also uses deep packet inspection to try and harvest usernames and passwords for other sites.
Latest stories from Open Source
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Systems Analysis Project Lead - UML, Agile, Waterfall...
IT Business Analyst - ISEB, PRINCE2 - Southampton, Hampshire...
Predictive Modelling analytics - (SAS) - South-East...
iOs Developer - JEE, cocoa, Objective-C - Midlands (potential...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
"Worm turns routers with poor passwords into botnet"
I agree with the above post. This is just the same as a brute force attack on ANY other GNU/Linux machine. The only news here is that someone has automated it to run the brute force on a specific type of router. -Hey Everyone! Security warning! Make sure you use a good password now!-
Posted by: Ikari 25 Mar 2009
IT's a hoax
This site seams to be trying to hype \"nothing\" for attention. Besides, IF it\'s true then it is no more dangerous than not setting a good password; and anyways, most routers DO NOT allow remote administration by default.
Posted by: Sec EX 25 Mar 2009