Mar 26, 2009, 17:31 UTC
(Other stories by Gareth Halfacree)
"Because the worm relies on insecure passwords -- or devices which
have not been reconfigured from their default settings -- the group
claims that 'ninety per cent of the routers and modems participating in
this botnet are [doing so] due to user error.' While it's always good
advice to choose a very secure password for Internet-facing devices,
it's unlikely that anyone reading a security blog needs telling.
"The payload of the worm is interesting: as well as allowing full
remote control of the router via an IRC channel, the malware uses packet
inspection techniques in an attempt to sniff traffic for usernames and
passwords to web sites and e-mail accounts. The worm also attempts to
resist disinfection by locking out telnet, SSH, and web access to the
device's management functionality -- preventing the device from being
flashed with a known-clean firmware."
Complete Story
http://www.bit-tech.net/news/bits/2009/03/26/worm-targets-linux-routers/1
Don