Sources have revealed a new worm that infects the router or modem itself. This was a clever move by the worm’s creator: when the infection sits on a PC, users normally put the machine to sleep or shut it down at night. Because this one runs on the router, it can broadcast 24/7 and you would be none the wiser.
This botnet was first discovered in Australia, where Terry Baume first observed it infecting a Netcomm NB5 modem/router. The botnet binary was further analysed by members of the website DroneBL (a real-time IP tracker that scans for botnets and vulnerable machines), who came to the conclusion that the “psyb0t” or “Network Bluepill” botnet was mostly a test run to prove the technology.
The malware contains shellcode for over 30 different Linksys models, 10 Netgear models, and a variety of other cable and DSL modems (15 different shellcodes). A list of 6000 usernames and 13,000 passwords was also included, to be used for brute-force entry to Telnet and SSH logins, which are open to the LAN and sometimes even the public WAN side of the routers. Generally, routers do not lock a user out after a number of incorrect password attempts, making brute-force attacks possible. It’s a good time to change your router password to something a bit stronger and harder to guess.
This type of attack will make it harder for IT specialists to track down where the cause of the issue actually lies! 99% of the time you would assume it’s the PC itself, so tracking is going to be a nightmare. The only hint that it could be the router is that there may be a slight network performance issue. The only way to detect it would be to monitor the traffic in and out of your router.
The bot can also disable access to the control panel of the router, making a factory reset the only way to clear it!
What’s next, Norton for routers? Scary times ahead if it’s not only our PCs that can get infected!
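Since the router itself will not lock out repeated bad logins, the guessing has to be spotted from outside the device. The sketch below is an added example, not part of the original post: it flags sources that produce a burst of failed Telnet/SSH logins, assuming the router forwards login events to a collector. The log format, the threshold and window values, and the `find_bruteforce` name are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in an assumed syslog-like format (not from a real device):
# one fast dictionary run, one slow trickle of failures, one user mistyping once.
USERS = ["admin", "root", "user", "support", "guest", "admin", "root", "cisco"]
SAMPLE_LOG = "\n".join(
    [f"2009-03-26T02:14:{5 * i:02d} login failed user={u} src=203.0.113.7 svc=telnet"
     for i, u in enumerate(USERS)]
    + [f"2009-03-26T{9 + i:02d}:00:00 login failed user=admin src=198.51.100.9 svc=ssh"
       for i in range(6)]
    + ["2009-03-26T08:30:00 login failed user=alice src=192.168.1.20 svc=ssh",
       "2009-03-26T08:30:20 login ok user=alice src=192.168.1.20 svc=ssh"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login failed user=(?P<user>\S+) src=(?P<src>\S+) svc=\S+$")

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src: {"peak": n, "users": k}} for every source that reaches
    `threshold` failed logins inside any sliding `window`."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # successful logins and unparseable lines are skipped
            events.append((datetime.fromisoformat(m["ts"]), m["src"], m["user"]))
    recent = defaultdict(deque)  # src -> failure timestamps still inside the window
    peak = defaultdict(int)      # src -> largest burst seen so far
    users = defaultdict(set)     # src -> distinct usernames tried
    for ts, src, user in sorted(events):  # process in time order
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
        users[src].add(user)
    return {s: {"peak": peak[s], "users": len(users[s])}
            for s in peak if peak[s] >= threshold}

if __name__ == "__main__":
    for src, info in find_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: {info['peak']} failures in window, {info['users']} usernames")
```

With the default settings the slow source is not flagged; widening the window catches it at the cost of more noise from ordinary typos.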
March 26th, 2009 at 2:47 PM
Norton for routers :S scary stuff…. If it takes same amount of system resources on the router as on the PC, wow…. 5 mbit = 250kbit..
Pray to God that won’t happen :O
March 30th, 2009 at 9:31 AM
Norton for routers? No, how about common sense for network admins.
Anyone running a default password on ANYTHING deserves everything they get. It’s not hard people.
March 30th, 2009 at 3:10 PM
Oh I totally agree Sven.
But even with changing your password, people will still find other ways in.
If someone really wants to break into something, there is not much you can do to stop people.
That’s why there is so much piracy… Just my 2 cents worth!
June 5th, 2009 at 5:17 AM
Hi, Congratulations to the site owner for this marvelous work you’ve done. It has lots of useful and interesting data.
July 11th, 2009 at 9:34 AM
Thanks for the interesting information.
July 15th, 2009 at 1:17 AM
Get post! Keep up the great work!