Linux Today: Linux News On Internet Time.

Worm targets Linux routers

Mar 26, 2009, 17:31
(Other stories by Gareth Halfacree)

"Because the worm relies on insecure passwords -- or devices which have not been reconfigured from their default settings -- the group claims that 'ninety per cent of the routers and modems participating in this botnet are [doing so] due to user error.' While it's always good advice to choose a very secure password for Internet-facing devices, it's unlikely that anyone reading a security blog needs telling.

"The payload of the worm is interesting: as well as allowing full remote control of the router via an IRC channel, the malware uses packet inspection techniques in an attempt to sniff traffic for usernames and passwords to web sites and e-mail accounts. The worm also attempts to resist disinfection by locking out telnet, SSH, and web access to the device's management functionality -- preventing the device from being flashed with a known-clean firmware."
