Discuss EVDO PCMCIA Cards, ExpressCards, EVDO USB, PDAs, Phones, Coverage and Mobile Broadband Cards. Discuss Sprint & Verizon Coverage. CradlePoint CTR350, CTR500, PHS300, MBR900, MBR1000, MBR1200, PHS300. Discuss Improving signal with 3Gstore Antennas and Amplifiers.
EVDOforums.com
Discussion forum for EVDO users
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in   Login with Facebook 
Our sites Include: EVDO Info :: EVDO Forums :: EVDO Maps :: 3Gstore Blog :: 3Gstore.com

To purchase your EVDO Card / Antenna / Amplifier / Router from the EVDO Experts, just contact us!


Follow Us On:

twitter FaceBook EVDOinfo.com

Worm attacks Linksys routers with self-replicating malware

 
Post new topic   Reply to topic    EVDOforums.com Forum Index -> EVDOinfo.com
View previous topic :: View next topic  
Author Message
dario
3Gstore Employee


Joined: 03 Jan 2008
Posts: 414
Location: Tampa Bay Florida

PostPosted: Fri Feb 14, 2014 9:27 am    Post subject: Worm attacks Linksys routers with self-replicating malware Reply with quote

An attack that infects home and small-office wireless routers from Linksys with self-replicating malware, has been uncovered. Once a device is compromised, it scans the Internet for other vulnerable devices to infect.

The worm appears to include strings that point to a command and control channel. The worm also includes basic HTML pages with images that look benign and more like a calling card.

The exploit may also change some routers' domain name system server to 8.8.8.8 or 8.8.4.4, which are IP addresses used by Google's DNS service. Compromised routers remain infected until they are rebooted. Once the devices are restarted, they appear to return to their normal state. People who are wondering if their device is infected should check for heavy outbound scanning on port 80 and 8080, and inbound connection attempts to miscellaneous ports below 1024.

Linksys routers. As the routers scanned IP ports 80 and 8080 as fast as they could, they consumed the bandwidth of the unidentified ISP's customers, slowed down their legitimate activity, and interrupted streams and VPN connections.

The objective behind this ongoing attack remains unclear. Given that the only observable behavior is to temporarily infect a highly select range of devices, one possible motivation is to test how viable a self-replicating worm can be in targeting routers.

More details can be found :

https://isc.sans.edu/diary/Linksys+Worm+Captured/17630
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    EVDOforums.com Forum Index -> EVDOinfo.com All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum







Buy from the 3G/4G Experts @ 3Gstore.com


Pantech UML290 3G/4G


MBR1400


MBR95


Peplink/Pepwave


MBR1200B


3G/4G Booster Antenna


3G & 4G Amplifiers






3G and 4G routers



Digg Us :: del.icio.us :: technorati :: furl

4G :: 4G Forums :: Pepwave :: Peplink :: CradlePoint :: Wilson Electronics :: CloudCams :: MBR1400