Clear Insights - Security News You Can Use

Botnets now target home Internet modems and routers

This post was written by Brad M. on March 24, 2009
Posted Under: News

It actually feels like it’s been a long time coming, but a botnet has emerged that targets ‘consumer level’ infrastructure, namely specific Internet modems and routers commonly found in home environments. For a device to be vulnerable, it must meet all of the following criteria:

  1. Must use the vulnerable chipset; in this case ‘mipsel’
  2. Must have administration accessible from the outside (the WAN interface)
  3. Must have weak passwords or vulnerable ‘services’ (daemons)

Thankfully, most devices ‘out of the box’ are not vulnerable, since they do not allow administrator access from the Internet. The other criteria are pretty easily met once an administrative interface is enabled; rarely do home users change the administrative password or set it to anything of substance. Similarly, not many users would update the ‘services’ via firmware updates.

Just how many devices has the botnet snagged so far? It seems like 100,000 and counting.

It would be a great idea for everyone to check their home network from the Internet to ensure ssh (port 22), telnet (port 23), and http or https (ports 80 and 443) are not enabled. It can be quite easy to check the box for ‘remote admin access’ without knowing it refers to access from the Internet, not the internal interfaces. Make sure you have changed the default password too, or you’re just asking for trouble.
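The outside-in check suggested above can be scripted. This is an added example, not part of the original post: run it from a connection outside your home network against your own public address. The script name `wan_check.py` and the three state labels are choices made for this example.

```python
import socket
import sys

# Administration ports named in the post, with the service each normally carries.
ADMIN_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https"}

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"            # device answered, nothing listening on the port
    except OSError:
        return "filtered"          # timeout or unreachable: dropped on the way

def audit(host, ports=ADMIN_PORTS, timeout=3.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def exposed(results):
    """Ports that accepted a connection from this vantage point."""
    return sorted(p for p, state in results.items() if state == "open")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: wan_check.py <your-own-public-address>")
    results = audit(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port:>5}/tcp {ADMIN_PORTS[port]:<7} {state}")
    bad = exposed(results)
    if bad:
        print("Reachable from outside:", ", ".join(map(str, bad)))
        print("Turn off remote (WAN) administration and change the default password.")
        sys.exit(1)
    print("No administration port answered from this vantage point.")
```

A result of `open` on any of the four ports means the administrative interface or service is answering on the WAN side; `closed` and `filtered` both mean nothing accepted the connection.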

More details can be found at the following links:

“Worm breeds botnet from home routers, modems” (The Register, 24th March 2009)

DroneBL blog article (more technical information)
