"Because the worm relies on insecure passwords -- or devices
which have not been reconfigured from their default settings -- the
group claims that “ninety per cent of the routers and modems
participating in this botnet are [doing so] due to user error."
While it's always good advice to choose a very secure password for
Internet-facing devices, it's unlikely that anyone reading a
security blog needs telling.
"The payload of the worm is interesting: as well as allowing
full remote control of the router via an IRC channel, the malware
uses packet inspection techniques in an attempt to sniff traffic
for usernames and passwords to web sites and e-mail accounts. The
worm also attempts to resist disinfection by locking out telnet,
SSH, and web access to the device's management functionality --
preventing the device from being flashed with a known-clean