Worm invades routers to build botnet
By Stuart Turton
Posted on 24 Mar 2009 at 14:17
Researchers claim to have identified a new type of worm that is hijacking routers and DSL modems to form a botnet.
Researchers at DroneBL claim the worm, called psyb0t, is the first of its kind and has infiltrated an estimated 100,000 devices.
According to a post on the DroneBL site, the botnet has already been used to carry out distributed denial-of-service attacks and is thought to have the ability to use deep-packet inspection to harvest user names and passwords.
Vulnerable devices include any home router or modem that runs Linux Mipsel, has an administration interface, sshd or telnet in a DMZ, and has a weak password.
DroneBL claims to have stumbled upon the worm after the botnet flooded its network infrastructure two weeks ago.
"This technique is one to be extremely concerned about because most end users will not know their network has been hacked, or that their router is exploited," says the DroneBL post.
"This means that in the future, this could be an attack vector for the theft of personally identifying information. This technique is not going away."
