Trend Micro warns of Linux malware spreading on routers

by Iain Thomson

11 Mar 2011

Trend Micro has issued a warning to administrators after picking up the first copies of a Linux malware variant infecting routers.

The ELF_TSUNAMI.R malware spreads using a combination of attacks. It can run its own brute-force attacks against routers, and it also exploits a flaw in the D-Link DWL-900AP+ internet router. The code also links infected machines to botnet servers via IRC channels.

"This malware is predominantly found in Latin America but we are also checking the extent of infection in other regions," Trend Micro warned in a blog post.

"The attacks also work against D-Link routers, and we are also verifying if it works on others."

The malware is thought to be a variant of a strain first discovered in 2008 that has since been adapted and made more efficient.

Malware writers generally stick to trying to infect end-user systems, but attacks on network hardware are not unknown.

"There is a long history of router-centric attacks going back at least three years and coincides especially with the growth of Wi-Fi," Rob Rachwald, Imperva's director of security strategy, told V3.co.uk.

"Why? Hackers would love to have the ability to route all the victim's traffic to perform, for example, DDoS or mass SQL injection attacks."
