OT? Linux-based trojans now targeting WRT and other linux-based routers
Charles Jones
charles.jones at ciscolearning.org
Fri Mar 27 14:19:05 MST 2009
http://www.linux-magazine.com/online/news/psyb0t_attacks_linux_routers_update
Some parts of this article made me LOL. Like:
"One type of malware connects primarily to a chat system such as IRC,
which your ordinary 14-year-old might join for the latest superstar gossip."
and:
"Each IRC network usually has hundreds of these channels, typically
starting with a hash mark in its name, such as #superstars."
and:
"A participant joining a channel who is not a human is usually a program
called a bot. There are all kinds of bots lurking in the IRC, some of
them explain UNIX commands, look up bus schedules or forecast the
weather. Some, however, await special, often secret, commands"
Which prompted me to say on IRC:
[03-27-2009 14:11:10] <Charles> hahaha
[03-27-2009 14:12:54] * Charles is awaiting special secret commands
[03-27-2009 14:13:28] <Charles> but only if you are a superstar
Seriously though, I sadly have a lot of experience being attacked by,
and hunting down and eradicating botnets. Infected routers are really
evil, since your typical user has no way to notice or see that something
is running that should not be. This could become a real problem as WRT
and other linux-based routers become more popular.
More information about the PLUG-discuss
mailing list