OT? Linux-based trojans now targeting WRT and other linux-based routers

Andrew "Tuna" Harris tuna at supertunaman.com
Fri Mar 27 17:57:34 MST 2009


Excerpts from Charles Jones's message of Fri Mar 27 14:19:05 -0700 2009:
> http://www.linux-magazine.com/online/news/psyb0t_attacks_linux_routers_update
> 
> Some parts of this article made me LOL. Like:
> 
> "One type of malware connects primarily to a chat system such as IRC, 
> which your ordinary 14-year-old might join for the latest superstar gossip."
> 
> and:
> 
> "Each IRC network usually has hundreds of these channels, typically 
> starting with a hash mark in its name, such as #superstars."
> 
> and:
> 
> "A participant joining a channel who is not a human is usually a program 
> called a bot. There are all kinds of bots lurking in the IRC, some of 
> them explain UNIX commands, look up bus schedules or forecast the 
> weather. Some, however, await special, often secret, commands"
> 
> Which prompted me to say on IRC:
> [03-27-2009 14:11:10] <Charles> hahaha
> [03-27-2009 14:12:54] * Charles is awaiting special secret commands
> [03-27-2009 14:13:28] <Charles> but only if you are a superstar
> 
> Seriously though, I sadly have a lot of experience being attacked by, 
> and hunting down and eradicating botnets. Infected routers are really 
> evil, since your typical user has no way to notice or see that something 
> is running that should not be. This could become a real problem as WRT 
> and other linux-based routers become more popular.

I just wish I had come up with the idea of WRT-based botnets first. :<

I guess the vendors will just have to set randomly generated default
passwords, and pass along a little card that says "omgwtfbbq ur password
lol". But you KNOW that they'll never get around to that soon.


More information about the PLUG-discuss mailing list