Botnet Worm Targets DSL Modems and Routers
CoreDuo writes "The people who bring you the DroneBL DNS Blacklist services, while investigating an ongoing DDoS incident, have discovered a botnet composed of exploited DSL modems and routers. OpenWRT/DD-WRT devices all appear to be vulnerable. What makes this worm impressive is the sophisticated nature of the bot, and the potential damage it can do not only to an unknowing end user, but to small businesses using non-commercial Internet connections, and to the unknowing public taking advantage of free Wi-Fi services. The botnet is believed to have infected 100,000 hosts." A followup to the article notes that the bot's IRC control channel now claims that it has been shut down, though the ongoing DDoS attack on DroneBL suggests otherwise.
I take it you never worked with an enterprise class router like the SonicWall NSA 3500 which supports the CA type keys for web access protection?
Problem is some network admins don't take the time to set up the firewalls correctly to prevent this sorta thing from happening. I always create rules in the remote firewall to only accept 443 port connections from our static IP address and use strong passwords. The firewalls out in the field have been running without problems.
And I do check the logs frequently for any kind of intrusion problems.
I also run a pfSense firewall at home and it's working great for me. It even supports the SSH connection via keys.