SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    New Worm Attacking Linksys Routers
Date    Friday February 14 2014, @01:39AM
Author    robind
Topic   
from the entry-level dept.
https://soylentnews.org/article.pl?sid=14/02/14/0125213

AudioGuy writes:

"Researchers say they have uncovered an ongoing attack that infects home and small-office wireless routers from Linksys with self-replicating malware, most likely by exploiting a code-execution vulnerability in the device firmware.

The worm works by injecting vulnerable devices with a URL-encoded shell script that carries out the same seek-and-hijack behavior. The exploit may also change some routers' domain name system server to 8.8.8.8 or 8.8.4.4, which are IP addresses used by Google's DNS service. Compromised routers remain infected until they are rebooted. Once the devices are restarted, they appear to return to their normal state. People who are wondering if their device is infected should check for heavy outbound scanning on port 80 and 8080, and inbound connection attempts to miscellaneous ports below 1024.

This blog post at Sans contains more technical details including a way to test if you have a vulnerable device."

Links
  1. "an ongoing attack" - http://arstechnica.com/security/2014/02/bizarre-attack-infects-linksys-routers-with-self-replicating-malware/
  2. "This blog post" - https://isc.sans.edu/diary/Linksys+Worm+%22TheMoon%22+Summary%3A+What+we+know+so+far/17633
© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, New Worm Attacking Linksys Routers on 2024-04-18 11:55:31