[isapros] Re: home router exploit based botnets in the news..

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Tue, 24 Mar 2009 17:10:50 -0500

:) Great!

 

____________________________________________

TOM SHINDER   |   Sr. Consultant/Technical Writer 
206.443.1117   |   SHINDER@xxxxxxxxxxxxxxx


5701 Sixth Avenue South   |   Seattle, WA 98108  
PROWESS   |   WWW.PROWESSCORP.COM <http://www.prowesscorp.com/> 

____________________________________________

 

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Tuesday, March 24, 2009 4:47 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] home router exploit based botnets in the news..
Importance: Low

 

Well, that didn't take long..

 

http://www.theregister.co.uk/2009/03/24/psyb0t_home_networking_worm/

 

More than 100,000 hosts invaded

By Dan Goodin in San Francisco

Posted in Security <http://www.theregister.co.uk/security/>, 24th March
2009 00:20 GMT


Security researchers have identified a sophisticated piece of malware
that corrals consumer routers and DSL modems into a lethal botnet.

The "psyb0t" worm is believed to be the first piece of malware to target
home networking gear, according to researchers from DroneBL
<http://www.dronebl.org/>, which bills itself as a real-time monitor of
abusable internet addresses. It has already infiltrated an estimated
100,000 hosts. It has been used to carry out DDoS, or distributed denial
of service, attacks and is also believed to use deep-packet inspection
to harvest user names and passwords.

"This technique is one to be extremely concerned about because most end
users will not know their network has been hacked, or that their router
is exploited," the DroneBL researchers wrote here
<http://www.dronebl.org/blog/8>. "This means that in the future, this
could be an attack vector for the theft of personally identifying
information. This technique is not going away."

Vulnerable devices include any home router or modem that uses Linux
Mipsel, has an administration interface, sshd, or telnet in a DMZ, and
employs a weak password. Once the malware takes hold, it locks
legitimate users out of the device by blocking telnet, sshd, and web
access. It then makes the devices part of a botnet. The researchers said
they first learned of the worm while investigating DDoS attacks that hit
DroneBL's infrastructure two weeks ago.

The worm also helps identify exploitable phpMyAdmin and MySQL servers.
More information about psyb0t is available from this research paper
(PDF) <http://www.adam.com.au/bogaurd/PSYB0T.pdf>  published in January

 

Yeh - "hardware" is secure; especially when it runs a "thin Linux".

 

JimmyJoeBobAlooba

 

From: Jim Harrison (FF EDGE CS) [mailto:Jim.Harrison@xxxxxxxxxxxxx] 
Sent: Tuesday, March 24, 2009 2:44 PM
To: Jim Harrison
Subject: FW: home router exploit based botnets in the news..
Importance: Low

 

 

 

Jim Harrison <blocked::mailto:jmharr@xxxxxxxxxxxxx> 
Forefront Edge CS

If We Can't Fix It - It Ain't Broke!

 

 

From: George Spix 
Sent: Tuesday, March 24, 2009 1:07 PM
To: Product Security Discussion Forum
Subject: home router exploit based botnets in the news..
Importance: Low

 
