Slashdot Mirror


Botnet Worm Targets DSL Modems and Routers

CoreDuo writes "The people who bring you the DroneBL DNS Blacklist services, while investigating an ongoing DDoS incident, have discovered a botnet composed of exploited DSL modems and routers. OpenWRT/DD-WRT devices all appear to be vulnerable. What makes this worm impressive is the sophisticated nature of the bot, and the potential damage it can do not only to an unknowing end user, but to small businesses using non-commercial Internet connections, and to the unknowing public taking advantage of free Wi-Fi services. The botnet is believed to have infected 100,000 hosts." A followup to the article notes that the bot's IRC control channel now claims that it has been shut down, though the ongoing DDoS attack on DroneBL suggests otherwise.

3 of 272 comments (clear)

  1. Easy fix by Anonymous Coward · · Score: 5, Funny

    Not a big deal, you can just:

    ssh to your router
    ifconfig eth0 down

    All fixed, not vulnerable anymore.

  2. Re:What to do about it? by John+Hasler · · Score: 5, Funny

    > ...the default configuration doesn't allow remote access from the Internet at all.

    True. The crackers have to use the bot that controls his pc and the default password that he didn't change.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  3. Re:Hackers. by turing_m · · Score: 5, Funny

    Sex is like pizza... Even when it is bad, it's still pizza.

    The difference is... when you get desperate enough to eat disgustingly bad pizza, your friends won't bring it up for the next ten years at every possible occasion.

    --
    If I have seen further it is by stealing the Intellectual Property of giants.