Wednesday, March 25, 2009

New Worm Targets Home Routers and Cable Modems

It is being reported today that a nasty new computer worm has infected 55 different types of home-based wireless routers and wireless cable modems, including brands such as Linksys and Netgear. Known as "psyb0t" or Bluepill, the worm infects DSL/cable modems and routers that run Linux Mipsel, have an administration interface, sshd, or telnet in a DMZ, and employ a weak password. Once the malware takes hold, it locks legitimate users out of the device by blocking telnet, sshd, and web access. This is the first worm known to have infected residential routers and modems.

Psyb0t is armed with 6,000 common usernames and 13,000 popular passwords, and it tries to gain access to the home network by trying various combinations of them. Since most home-based routers and modems do not limit the number of failed login attempts, these devices are an ideal target for infection. In addition, because these types of devices generally run 24 hours a day, they give psyb0t an unlimited amount of time to try to gain access.

To make matters worse, psyb0t is reportedly very hard to detect, and most home users aren't even aware they are infected. Like most worms, it is designed to infect a system and then carry out orders given by its author; a network of systems controlled this way is known as a botnet. APC Magazine is reporting that the botnet capability is no longer active, but at its height psyb0t was suspected of controlling 80,000 to 100,000 systems.

How can you tell if you are infected? By default, ports 22, 23 and 80 are blocked as part of this infection. If these ports are blocked, you should perform a hard reset on your device, change the administrative passwords, and update to the latest firmware. These steps will remove the rootkit and ensure that your device is not reinfected.
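The port check described above can be scripted and run from a computer on your own network. This is an added example, not code from the original post; the function names, the `expected_open` parameter and the placeholder address 192.168.1.1 are assumptions of the example.

```python
import socket
import sys

# Ports the post says the infection blocks: sshd, telnet, web administration.
BLOCKED_BY_PSYB0T = (22, 23, 80)


def probe(host, port, timeout=2.0):
    """Try one TCP connection; return 'open', 'refused' or 'no-response'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"          # device answered with a reset
    except OSError:
        return "no-response"      # timeout, unreachable, or silently dropped


def scan(host, ports=BLOCKED_BY_PSYB0T, timeout=2.0, probe_fn=probe):
    """Probe each port and return {port: state}."""
    return {port: probe_fn(host, port, timeout) for port in ports}


def assess(results, expected_open=()):
    """Apply the post's indicator to the scan results.

    expected_open is an assumption of this example: ports you know were
    reachable on this device before (a service that was never enabled is
    closed on a clean device as well).
    """
    blocked = sorted(p for p, state in results.items() if state != "open")
    return {
        "blocked": blocked,
        "all_blocked": len(blocked) == len(results),
        "lost_services": [p for p in blocked if p in expected_open],
    }


if __name__ == "__main__":
    # 192.168.1.1 is a placeholder; pass your own router's LAN address.
    router = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    results = scan(router)
    for port, state in results.items():
        print(f"{router}:{port} {state}")
    verdict = assess(results, expected_open=(80,))  # assumes web admin was on
    if verdict["all_blocked"]:
        print("22, 23 and 80 all blocked: hard reset, new passwords, new firmware")
    elif verdict["lost_services"]:
        print("previously reachable, now blocked:", verdict["lost_services"])
```
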
