Discussion forum for EVDO users
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups 

View previous topic :: View next topic  
Author Message
3Gstore Employee

Joined: 03 Jan 2008
Posts: 444
Location: Tampa Bay Florida

PostPosted: Fri Feb 14, 2014 9:27 am    Post subject: Worm attacks Linksys routers with self-replicating malware

An attack that infects home and small-office wireless routers from Linksys with self-replicating malware, has been uncovered. Once a device is compromised, it scans the Internet for other vulnerable devices to infect.

The worm appears to include strings that point to a command and control channel. The worm also includes basic HTML pages with images that look benign and more like a calling card.

The exploit may also change some routers' domain name system server to or, which are IP addresses used by Google's DNS service. Compromised routers remain infected until they are rebooted. Once the devices are restarted, they appear to return to their normal state. People who are wondering if their device is infected should check for heavy outbound scanning on port 80 and 8080, and inbound connection attempts to miscellaneous ports below 1024.

Linksys routers. As the routers scanned IP ports 80 and 8080 as fast as they could, they consumed the bandwidth of the unidentified ISP's customers, slowed down their legitimate activity, and interrupted streams and VPN connections.

The objective behind this ongoing attack remains unclear. Given that the only observable behavior is to temporarily infect a highly select range of devices, one possible motivation is to test how viable a self-replicating worm can be in targeting routers.

More details can be found :

Back to top
View user's profile
Display posts from previous:   
All times are GMT - 6 Hours
Page 1 of 1
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum