
LiberalArkie

(15,719 posts)
Thu Feb 13, 2014, 03:36 PM

Bizarre attack infects Linksys routers with self-replicating malware

http://arstechnica.com/security/2014/02/bizarre-attack-infects-linksys-routers-with-self-replicating-malware/




Researchers say they have uncovered an ongoing attack that infects home and small-office wireless routers from Linksys with self-replicating malware, most likely by exploiting a code-execution vulnerability in the device firmware.

Johannes B. Ullrich, CTO of the Sans Institute, told Ars he has been able to confirm that the malicious worm has infected around 1,000 Linksys E1000, E1200, and E2400 routers, although the actual number of hijacked devices worldwide could be much higher. A blog post Sans published shortly after this article was posted expanded the range of vulnerable models to virtually the entire Linksys E product line. Once a device is compromised, it scans the Internet for other vulnerable devices to infect.

"We do not know for sure if there is a command and control channel yet," Ullrich wrote in the update. "But the worm appears to include strings that point to a command and control channel. The worm also includes basic HTML pages with images that look benign and more like a calling card. They include images based on the movie "The Moon" which we used as a name for the worm."

<snip>
Bizarre attack infects Linksys routers with self-replicating malware (Original Post) LiberalArkie Feb 2014 OP
Looks like mine, but mine is a E3000 OKNancy Feb 2014 #1
E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000,E900 per linked adirondacker Feb 2014 #2
I have one of the ones on the list... KoKo Feb 2014 #3
It's been a while (over a decade) since I administered, but from the article... adirondacker Feb 2014 #5
Thanks for the info. KoKo Feb 2014 #6
bump... nt Jesus Malverde Feb 2014 #4

adirondacker

(2,921 posts)
2. E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900 per linked
Thu Feb 13, 2014, 04:12 PM

thread;
https://isc.sans.edu/diary/Linksys+Worm+"TheMoon"+Summary%3A+What+we+know+so+far/17633

I have an e2500 but upgraded the firmware when I installed it a few months ago. Probably still worth it to watch the development of the research.

KoKo

(84,711 posts)
3. I have one of the ones on the list...
Thu Feb 13, 2014, 04:24 PM

but have no idea what the article is talking about.

What should I do about this?

Didn't understand what the threat was to user.

adirondacker

(2,921 posts)
5. It's been a while (over a decade) since I administered, but from the article...
Thu Feb 13, 2014, 05:09 PM

"We do not know for sure if there is a command and control channel yet. But the worm appears to include strings that point to a command and control channel. The worm also includes basic HTML pages with images that look benign and more like a calling card. They include images based on the movie "The Moon" which we used as a name for the worm.

We call this a "worm" at this point, as all it appears to do is spread. This may be a "bot" if there is a functional command and control channel present."

def of a bot;
http://en.wikipedia.org/wiki/Internet_bot

I wouldn't be overly concerned, since it looks like more of a prank at this point.
You could log in to Linksys and check on your firmware;

http://support.linksys.com/en-us/support/routers/E2500
