Botnet Worm Targets DSL Modems and Routers

CoreDuo writes "The people who bring you the DroneBL DNS Blacklist services, while investigating an ongoing DDoS incident, have discovered a botnet composed of exploited DSL modems and routers. OpenWRT/DD-WRT devices all appear to be vulnerable. What makes this worm impressive is the sophisticated nature of the bot, and the potential damage it can do not only to an unknowing end user, but to small businesses using non-commercial Internet connections, and to the unknowing public taking advantage of free Wi-Fi services. The botnet is believed to have infected 100,000 hosts." A followup to the article notes that the bot's IRC control channel now claims that it has been shut down, though the ongoing DDoS attack on DroneBL suggests otherwise.

I attempted to come up with a witty "first post"

But I thought too hard and lost the opportunity. I wear the AC hat with shame.

Hackers.

Was the best movie of all time.

Re:What to do about it?

A. How do we know whether our kit is vulnerable?
B. How to tell whether we are infected?
C. What to do about it if we are?

I'd guess most people, even geeks, just think of their router as a black box and don't know much about them as long as they keep on working.

Yes, folks, this is the kind of post that gets modded as "+5 Insightful" on Slashdot these days. Sad, but tue.