New malware focuses on Linksys routers




Multiple routers from Linksys are the victim of a worm. The worm probably spreads through a hole in the router software. It is still unclear what purpose the malware has in mind.

Linksys logo (27 pix) Researcher Johannes Ullrich of the Internet Storm Center studied the worm, whose existence Wednesday to light came when an American ISP routers noticed that customers were hacked. The malicious software focuses more on the E2500, E1000 and E1200 the.

The E1200 should no longer be vulnerable to the latest firmware but the E1000 though. It is unclear whether the E2500 with the latest firmware is susceptible. A Polish security researcher writes on his site that other models, including the E1500 and E4200, can also be infected. the worm

What exactly does the malware is unclear, except that it automatically spread to other Linksys routers. Ullrich discovered that when he installed a honeypot: a device with vulnerable software that is designed to attract attackers. The honeypot Ullrich was actually infected, after which he could intercept and analyze malware.

Once installed, the worm within certain netblocks looking for vulnerable routers, as discovered Ullrich. The scans focus on ports 80 and 8080, after which routers vulnerable to a post-request is sent to the attacker lets execute his own code. It is unclear how to manage, according to the American provider discovered that the worm does not come by the use of weak passwords.

After infection, a second file is downloaded, it is likely to contain additional code. In addition, the worm seems to make a command-and-control server connection: namely, the second binary contains a number of hostnames.


In: A Technology & Gadgets Asked By: [23225 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »