Mar 26
Sources have revealed a new worm that infects the router or modem itself. This was a clever move by the worm's creator: when the malicious traffic comes from a PC, users normally put the machine to sleep or shut it down at night, but a router stays up, so an infected one can broadcast 24/7 and you would be none the wiser.
The botnet was first discovered in Australia, where Terry Baume observed it infecting a Netcomm NB5 modem/router. The binary was further analysed by members of the website DroneBL (a real-time IP tracker that scans for botnets and vulnerable machines), who concluded that the “psyb0t” (or “Network Bluepill”) botnet was mostly a test run to prove the technology.
The malware contains shellcode for over 30 different Linksys models, 10 Netgear models and a variety of other cable and DSL modems (15 different shellcodes in all). A list of 6,000 usernames and 13,000 passwords is also included, used to brute-force Telnet and SSH logins, which are open to the LAN and sometimes even to the public WAN side of the routers. Generally, routers do not lock a user out after a number of incorrect password attempts, which is what makes brute-force attacks feasible. It's a good time to change your router password to something stronger and harder to guess.
This type of attack will make it harder for IT specialists to track down where the problem actually lies! 99% of the time you would assume it's the PC itself, so tracking it down is going to be a nightmare. The only hint that the router could be the culprit might be a slight drop in network performance; the only reliable way to detect it is to monitor the traffic in and out of the router.
The bot can also disable access to the router's control panel, leaving a factory reset as the only way to clear it!
What's next, Norton for routers? Scary times ahead if it's not only our PCs that can get infected!
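Because most routers never lock an account after repeated failures, the one trace a dictionary attack against Telnet or SSH leaves behind is a burst of failed logins in the router's own log. The script below is an added example (not code from the original post or from any router firmware) that parses a syslog-style auth log with a sliding window and flags a source once it passes a failure threshold, plus the worst case: a successful login from a source that was already flagged. The line layout is assumed, and the sample lines and addresses are constructed for the demo.

```python
"""Spot Telnet/SSH brute-force attempts in router auth logs.

Added example, not code from the original post or from any router firmware.
The syslog-style line layout below is an assumption; the sample lines are
constructed for the demo (documentation / private addresses only).
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: one LAN host hammers the SSH daemon and finally
# gets in; a second host merely mistypes its password twice, hours apart.
SAMPLE_LOG = """\
Mar 26 02:14:01 router dropbear[411]: Bad password attempt for 'admin' from 10.0.0.23:51022
Mar 26 02:14:02 router dropbear[411]: Bad password attempt for 'admin' from 10.0.0.23:51023
Mar 26 02:14:02 router dropbear[411]: Bad password attempt for 'root' from 10.0.0.23:51024
Mar 26 02:14:03 router dropbear[411]: Bad password attempt for 'admin' from 10.0.0.23:51025
Mar 26 02:14:04 router dropbear[411]: Bad password attempt for 'admin' from 10.0.0.23:51026
Mar 26 02:14:05 router dropbear[411]: Bad password attempt for 'admin' from 10.0.0.23:51027
Mar 26 02:14:06 router dropbear[411]: Password auth succeeded for 'admin' from 10.0.0.23:51028
Mar 26 07:30:10 router telnetd[300]: login failed for 'admin' from 192.168.1.5
Mar 26 09:12:44 router telnetd[300]: login failed for 'admin' from 192.168.1.5
"""

# "<Mon> <day> <hh:mm:ss> <host> <service>[<pid>]: <message> for '<user>' from <ip>[:port]"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (?P<svc>\w+)\[\d+\]: "
    r"(?P<msg>.*?) for '(?P<user>[^']+)' from (?P<ip>[\d.]+)(?::\d+)?$"
)


def parse_line(line, year=2009):
    """Return a dict for an auth event, or None for lines we don't understand.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "svc": m["svc"], "user": m["user"],
            "ip": m["ip"], "ok": "succeeded" in m["msg"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failed logins inside a sliding window,
    and any later successful login from a source that was already flagged.

    Returns a list of (source_ip, kind, detail) tuples in log order.
    """
    recent = defaultdict(deque)   # source ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["ok"]:
            # A success right after a burst is the case that matters most.
            if ev["ip"] in flagged:
                alerts.append((ev["ip"], "success_after_burst", ev["user"]))
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()          # drop failures that fell out of the window
        if len(q) >= threshold and ev["ip"] not in flagged:
            flagged.add(ev["ip"])
            alerts.append((ev["ip"], "burst",
                           f"{len(q)} failures within {window_seconds}s"))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(*alert)
```

Ship the router's log to a separate syslog host before running this: a box that has just been taken over is the last place to keep the evidence. The threshold is deliberately low, since a legitimate user rarely fails five times in a minute, while a 13,000-entry password list produces thousands.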
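Monitoring "traffic in and out of the router" is the advice above; the question is how to tell the router's own traffic apart from the PCs' traffic it merely forwards. The script below is an added example (not code from the original post) of one way to do it: take flow records from two capture points, the LAN side and the WAN side, and treat a WAN flow as explained only when some LAN host talked to the same destination and port in the same minute. Whatever else leaves from the router's own address, apart from a short allowlist of services the router legitimately uses by itself, is reported as router-originated. The capture points, the NAT assumption, the allowlist and every address and flow are constructed for the demo.

```python
"""Find traffic the router itself originates, by correlating LAN-side and
WAN-side flow records.

Added example, not code from the original post. It assumes two capture
points (a mirror of the LAN interface and one of the WAN link), that the
router NATs everything behind one WAN address, and a short allowlist of
services the router legitimately talks to on its own (DNS forwarding,
NTP). All addresses and flows below are constructed for the demo.
"""
from collections import defaultdict

ROUTER_WAN_IP = "203.0.113.10"                     # assumed router WAN address
ALLOWED_ROUTER_SERVICES = {("203.0.113.1", 53),    # ISP resolver (DNS forwarder)
                           ("203.0.113.1", 123)}   # ISP NTP

# (timestamp, capture point, src, dst, dst port, bytes) -- constructed sample.
FLOWS = [
    # Evening: a LAN PC browses; the same connection shows up NATed on the WAN side.
    ("2009-03-26 21:05", "lan", "192.168.1.20", "198.51.100.7", 443, 120000),
    ("2009-03-26 21:05", "wan", "203.0.113.10", "198.51.100.7", 443, 120000),
    ("2009-03-26 21:05", "wan", "203.0.113.10", "203.0.113.1", 53, 300),
    # Same evening, but nothing on the LAN side explains this WAN flow.
    ("2009-03-26 21:06", "wan", "203.0.113.10", "198.51.100.200", 8765, 640),
    # 3 a.m.: the PCs are asleep, yet the WAN link is busy.
    ("2009-03-26 03:10", "wan", "203.0.113.10", "203.0.113.1", 123, 96),
    ("2009-03-26 03:10", "wan", "203.0.113.10", "198.51.100.200", 8765, 900),
    ("2009-03-26 03:11", "wan", "203.0.113.10", "198.51.100.200", 8765, 1100),
]


def minute(ts):
    """Bucket key at one-minute granularity ('YYYY-MM-DD HH:MM')."""
    return ts[:16]


def find_router_originated(flows, router_wan_ip=ROUTER_WAN_IP,
                           allowlist=ALLOWED_ROUTER_SERVICES):
    """Return WAN-side flows that no LAN-side flow accounts for.

    A WAN flow is 'explained' when a LAN host talked to the same destination
    and port in the same minute (that is what NAT would have forwarded).
    Anything else leaving from the router's own address, other than the
    allowlisted services, is treated as router-originated and returned as
    (timestamp, dst, dst_port, bytes).
    """
    explained = {(minute(ts), dst, dport)
                 for ts, point, _src, dst, dport, _n in flows if point == "lan"}
    suspects = []
    for ts, point, src, dst, dport, nbytes in flows:
        if point != "wan" or src != router_wan_ip:
            continue
        if (dst, dport) in allowlist:
            continue
        if (minute(ts), dst, dport) not in explained:
            suspects.append((ts, dst, dport, nbytes))
    return suspects


def summarise(suspects):
    """Total unexplained bytes per destination, handy for a daily report."""
    totals = defaultdict(int)
    for _ts, dst, dport, nbytes in suspects:
        totals[(dst, dport)] += nbytes
    return dict(totals)


if __name__ == "__main__":
    hits = find_router_originated(FLOWS)
    for hit in hits:
        print("unexplained WAN flow:", *hit)
    print(summarise(hits))
```

Two caveats. The flow records have to come from a tap or a mirror port, not from the router's own counters or web interface: a compromised router can report whatever it likes about itself, and this bot locks the control panel anyway. And the correlation is only as fine as its one-minute bucket, so a router-originated flow to a destination and port that a LAN host also used in the same minute slips through; bursts at 3 a.m. with nothing on the LAN side are the easy, high-confidence case.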
Feb 17
Microsoft has offered a reward for the capture of the creator of a worm called Downadup/Conficker. Microsoft views the worm as a criminal attack and will do all it can to prevent it from going any further. “Our message is very clear – whoever wrote this caused significant pain to our customers and we are sending a message that we will do everything we can to help with your arrest,” said Mr Stathakopulos from Microsoft's Trustworthy Computing Group.
The worm replicates itself and buries deep into the system making it hard to remove. It hunts around and guesses network usernames and passwords. Compromised machines can be used to send spam, as dead drops for stolen or pirated data and to launch attacks on other machines.
Be sure to keep your network up to date with Microsoft's updates, especially KB958644.
Read more about it here: http://news.bbc.co.uk/1/hi/technology/7887577.stm
Dec 18
Microsoft has released an update for IE7 that closes a hole through which hackers could gain access to your computer and steal your passwords and personal details. IT managers are rapidly tightening their security.
Microsoft says it has detected attacks against IE 7.0 but said the “underlying vulnerability” was present in all versions of the browser. Would this be a good time to switch to the increasingly popular Mozilla Firefox or Google Chrome? And does this mean the end of supporting IE6?
“Based on our investigation, setting the internet zone security setting to High will protect users from known attacks,” advised Microsoft.
However, for the most effective protection, customers should evaluate a combination of using the High security setting in conjunction with one of the following workarounds:
- Disable XML Island functionality
- Restrict Internet Explorer from using OLEDB32.dll with an Integrity Level ACL
- Disable Row Position functionality of OLEDB32.dll
- Unregister OLEDB32.dll
- Use ACL to disable OLEDB32.dll