Re: OT? Linux-based trojans now targeting WRT and other linu…

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Andrew \"Tuna\" Harris
Date:  
To: plu>
Subject: Re: OT? Linux-based trojans now targeting WRT and other linux-based routers
Interesting... How could one detect a trojan through, say, dd-wrt?

Excerpts from Charles Jones's message of Fri Mar 27 14:19:05 -0700 2009:
> http://www.linux-magazine.com/online/news/psyb0t_attacks_linux_routers_update
>
> Some parts of this article made me LOL. Like:
>
> "One type of malware connects primarily to a chat system such as IRC,
> which your ordinary 14-year-old might join for the latest superstar gossip."
>
> and:
>
> "Each IRC network usually has hundreds of these channels, typically
> starting with a hash mark in its name, such as #superstars."
>
> and:
>
> "A participant joining a channel who is not a human is usually a program
> called a bot. There are all kinds of bots lurking in the IRC, some of
> them explain UNIX commands, look up bus schedules or forecast the
> weather. Some, however, await special, often secret, commands"
>
> Which prompted me to say on IRC:
> [03-27-2009 14:11:10] <Charles> hahaha
> [03-27-2009 14:12:54] * Charles is awaiting special secret commands
> [03-27-2009 14:13:28] <Charles> but only if you are a superstar
>
> Seriously though, I sadly have a lot of experience being attacked by,
> and hunting down and eradicating botnets. Infected routers are really
> evil, since your typical user has no way to notice or see that something
> is running that should not be. This could become a real problem as WRT
> and other linux-based routers become more popular.

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss