OT? Linux-based trojans now targeting WRT and other linux-based routers
Andrew "Tuna" Harris
tuna at supertunaman.com
Fri Mar 27 14:53:10 MST 2009
Interesting... How could one detect a trojan through, say, dd-wrt?
Excerpts from Charles Jones's message of Fri Mar 27 14:19:05 -0700 2009:
> http://www.linux-magazine.com/online/news/psyb0t_attacks_linux_routers_update
>
> Some parts of this article made me LOL. Like:
>
> "One type of malware connects primarily to a chat system such as IRC,
> which your ordinary 14-year-old might join for the latest superstar gossip."
>
> and:
>
> "Each IRC network usually has hundreds of these channels, typically
> starting with a hash mark in its name, such as #superstars."
>
> and:
>
> "A participant joining a channel who is not a human is usually a program
> called a bot. There are all kinds of bots lurking in the IRC, some of
> them explain UNIX commands, look up bus schedules or forecast the
> weather. Some, however, await special, often secret, commands"
>
> Which prompted me to say on IRC:
> [03-27-2009 14:11:10] <Charles> hahaha
> [03-27-2009 14:12:54] * Charles is awaiting special secret commands
> [03-27-2009 14:13:28] <Charles> but only if you are a superstar
>
> Seriously though, I sadly have a lot of experience being attacked by,
> and hunting down and eradicating botnets. Infected routers are really
> evil, since your typical user has no way to notice or see that something
> is running that should not be. This could become a real problem as WRT
> and other linux-based routers become more popular.
More information about the PLUG-discuss
mailing list