Anti-Virus firms have issued warnings about a new self-replicating computer program (worm) known as Psyb0t, which has the unique ability to turn home broadband routers and certain ADSL modems into Botnets. Such botnets are generally malicious and can be used to propagate a virus, distribute spam, attack other systems (DDoS) and or for stealing your personal data.
The worm itself goes straight for the router and attempts to gain access using a combination of bruteforce username/password attempts, harvested usernames and passwords through deep packet inspection (dpi) and can also scan for vulnerable phpMyAdmin and MySQL servers running over a network:
You are only vulnerable if:
•Your device is a mipsel device [some flavours of embedded linux].
•Your device has telnet, SSH or web-based interfaces available to the WAN.
•Your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.
As such, 90% of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots.
Any device that meets the above criteria is vulnerable, including those built on custom firmware such as OpenWRT and DD-WRT. If the above criteria is not met, then the device is NOT vulnerable.
It's understood that up to 100,000 routers could have been infected by the worm, which also blocks ports 22, 23 and 80 as part of the infection process (80 is used for http, web browsing) and locks you out of the router. Those that suspect their routers of being compromised should perform a HARD RESET to get rid of the rootkit. This is not to be confused with a soft reset or reboot (consult your manual).
No responsibility can be taken for the content of external Internet sites.
Return to hosting news headlines
View Hosting News Archive