
from the why-we-can't-have-nice-things dept.
Servers hosting Valve Source Engine and popular games like Fortnite are targeted by a new variant of the Gafgyt botnet.
A new Gafgyt variant is adding vulnerable internet of things (IoT) devices to its botnet arsenal and using them to cripple gaming servers worldwide.
The newly discovered variant is capable of launching a variety of denial-of-service (DoS) attacks against the Valve Source Engine, a video game engine developed by Valve Corp. that runs popular games such as Half-Life and Team Fortress 2. The botnet has also targeted other gaming servers, including those hosting widely played games such as Fortnite, researchers warn.
“This Gafgyt variant is a competing botnet to the JenX botnet, which also uses remote code-execution exploits to gain access and recruit routers into botnets to attack gaming servers – most notably those running the Valve Source Engine – and cause a denial-of-service,” said researchers with Palo Alto Networks’ Unit 42 research team, in analysis released Thursday. “This variant also competes against similar botnets, which we have found are frequently sold on Instagram.”
Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. The newest Gafgyt variant targets two of the same small-office router remote-code-execution flaws as its predecessor, JenX, which was disclosed in 2018.
The two previously-targeted flaws are CVE-2017-17215 (in the Huawei HG532) and CVE-2014-8361 (in the Realtek RTL81XX chipset). However, the newest variant also targets another vulnerability, CVE-2017-18368, a remote command-injection bug on Zyxel P660HN wireless routers. The Zyxel P660HN-T1A (distributed by TrueOnline) has a command-injection vulnerability in the remote system log forwarding function, which can be accessed by an unauthenticated user, researchers said.
According to Shodan, there are more than 32,000 Wi-Fi routers worldwide that are vulnerable to these three flaws.
(Score: 3, Interesting) by Mojibake Tengu on Saturday November 02 2019, @02:44PM (3 children)
Crippling gaming servers worldwide for much longer may help to sell handheld consoles, of which Nintendo Switch is the best one lately, at least for WiFi LAN parties in the pub. I admit, at first it was a bit difficult to convince other patrons to play Disgaea, though. But once they got used to it, some agree this is much better than chess.
Rust programming language offends both my Intelligence and my Spirit.
(Score: -1, Flamebait) by Anonymous Coward on Saturday November 02 2019, @11:35PM (2 children)
If it takes down the new steam library, then let me know how I can help run this on multiple devices. I'll even volunteer to run it on devices that aren't mine...
(Score: 2) by jasassin on Sunday November 03 2019, @12:41AM (1 child)
What did Valve ever do to you? Seriously.
Man, these guys are dicks, and so are you.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 0) by Anonymous Coward on Sunday November 03 2019, @06:11AM
You mean... apart from the sanitation, the medicine, education, wine, public orde... oh, sorry wrong movie.
(Score: 2) by jasassin on Saturday November 02 2019, @04:55PM (2 children)
The only way a router should be able to be hacked is if remote administration is enabled. Any other hack is inexcusable. If a router is hackable without remote access enabled I would never trust that company again.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 5, Interesting) by ledow on Saturday November 02 2019, @06:36PM (1 child)
Look up TR-069 - ISPs have a protocol to explicitly remotely control your router for you.
This is one of the reasons that you should always put a router behind your ISP router, that firewalls you off from them. Their supplied routers literally have the run of your local network and wireless while simultaneously they have administrative rights on them without your knowledge.
You always have to assume traffic is hostile, whatever, but stop giving them a device on your local network masquerading as a firewall against everyone when really it's just a firewall against everyone but the ISP.
(Score: 2) by jasassin on Saturday November 02 2019, @07:18PM
Thankfully I have the cable modem I bought from my ISP, but I have my own router, which I have checked the CSV's for any exploits (none found for my model).
I sure wouldn't trust an ISP cable modem/router.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 0) by Anonymous Coward on Saturday November 02 2019, @11:09PM (1 child)
Peddling their wares right out in the open, eh? What happened to the Dark Web and "underground hacking forums"? Kids these days...
(Score: 2) by EvilSS on Sunday November 03 2019, @12:59AM