Bizarre attack infects Linksys routers with self-replicating malware
http://arstechnica.com/security/2014/02/bizarre-attack-infects-linksys-routers-with-self-replicating-malware/
Researchers say they have uncovered an ongoing attack that infects home and small-office wireless routers from Linksys with self-replicating malware, most likely by exploiting a code-execution vulnerability in the device firmware.
Johannes B. Ullrich, CTO of the Sans Institute, told Ars he has been able to confirm that the malicious worm has infected around 1,000 Linksys E1000, E1200, and E2400 routers, although the actual number of hijacked devices worldwide could be much higher. A blog post Sans published shortly after this article was posted expanded the range of vulnerable models to virtually the entire Linksys E product line. Once a device is compromised, it scans the Internet for other vulnerable devices to infect.
"We do not know for sure if there is a command and control channel yet," Ullrich wrote in the update. "But the worm appears to include strings that point to a command and control channel. The worm also includes basic HTML pages with images that look benign and more like a calling card. They include images based on the movie "The Moon" which we used as a name for the worm."
<snip>
OKNancy
(41,832 posts)
better go read the link though!
adirondacker
(2,921 posts)
thread;
https://isc.sans.edu/diary/Linksys+Worm+"TheMoon"+Summary%3A+What+we+know+so+far/17633
I have an e2500 but upgraded the firmware when I installed it a few months ago. Probably still worth it to watch the development of the research.
KoKo
(84,711 posts)
but have no idea what the article is talking about.
What should I do about this?
Didn't understand what the threat was to user.
adirondacker
(2,921 posts)
"We do not know for sure if there is a command and control channel yet. But the worm appears to include strings that point to a command and control channel. The worm also includes basic HTML pages with images that look benign and more like a calling card. They include images based on the movie "The Moon" which we used as a name for the worm.
We call this a "worm" at this point, as all it appears to do is spread. This may be a "bot" if there is a functional command and control channel present."
def of a bot;
http://en.wikipedia.org/wiki/Internet_bot
I wouldn't be overly concerned, since it looks like more of a prank at this point.
You could log in to Linksys and check on your firmware;
http://support.linksys.com/en-us/support/routers/E2500
KoKo
(84,711 posts)
Hopefully it's a prank, but glad to see the alert...just in case.