Chuck Norris Attacks Linux-Based Routers, Modems
angry tapir writes "Discovered by Czech researchers, the Chuck Norris botnet has been spreading by taking advantage of poorly configured routers and DSL modems. The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris,' which means 'in the name of Chuck Norris.' Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs. It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."
this one really takes the cake!
I wonder what he attacks them with.
sigs... don't talk to me about sigs....
safe from Chuck Norris??
The REAL Chuck Norris wouldn't have to guess the default password, he'd just round-house kick the modem until it let him in without it.
So . . . Where's the Bruce Lee Bot Net in all this? Will it be involved in some botnet tournament, fighting over Linksys, D-Link and Netgear routers in a winner takes all competition?
Only time will tell if this botnet can withstand the test of time, only to appear in really cheesy YouTube shows about a botnet turned good out to beat some serious Texas Worm's butt.
Most ignorance is vincible ignorance. We don't know because we don't want to know. --Aldous Huxley
not even linux for god sake, look him up in Google, and if you are brave enough in Google Images! (I warned you)
God's gift to chicks
Not even Bruce Schneier can protect your router from Chuck.
"It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."
Does this botnet attack also work on non-Linux-based routers, and if so, then what is the logic behind the subject line?
Am I the only one who was entirely terrified by this headline?
-knewter
what's to stop Chuck Norris from taking legal action against the researchers who coined the name?
International boundaries, for one. Likely the author of the software for the botnet does not reside in the US (if that person's location is even known). Chuck Norris can take all the legal action he wants within the US against the botnet author or botnet master, it generally won't mean squat if they are in a different country.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Chuck Norris doesn't even need to attack them, they just submit because they know he could fry their CPU with a single packet!
Is Chuck Norris really defeated by changing the admin password on your home router?!
That would have made Bruce Lee's job a lot easier.
Finally had enough. Come see us over at https://soylentnews.org/
"The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris'"
Source code? How did they get the source code? Wouldn't a virus in the wild be compiled? Is this some strange virus that carries around its source code and compiles itself for every new host it infects?
If so, I believe a Gentoo programmer is behind this virus outbreak.
I've also got to question the sense of naming a botnet like this. Sure it's memorable, but what's to stop Chuck Norris from taking legal action against the researchers who coined the name? I certainly wouldn't want my name associated with a criminal enterprise.
Reuters Fri Dec 21, 2007 7:21pm: Tough-guy actor and martial arts expert Chuck Norris sued publisher Penguin on Friday over a book he claims unfairly exploits his famous name, based on a satirical Internet list of "mythical facts" about him.
"Norris, whose real name is Carlos Ray Norris, claims in the suit he is protective of what his name is associated with."
http://www.reuters.com/article/idUSN2129580420071222
---
Note to Consumers:
I'm just guessing that the user name is "admin", "Admin", "root", or "user" and the password is either "password", "admin", or "actiontec"...
I've set up some of those modems/routers, mainly for people who went to Best Buy (EEK!) and thought "Hey! That's exactly what I'm looking for! That will work great for my Verizon DSL connection! Hey, it's got the Verizon logo right there!"...
FAIL!
!!!!!!!!!!!
Beware anything branded by an ISP, to begin with... And most devices created for a not-so-security-savvy consumer... If all else fails, have a pro come in and set it up for you...
They will be able to have you reset the password and set up some sort of encryption/authentication for your wireless network...
!!!!!!!!!!!
The problem here is that the default username & password for almost every new (Home-based) router or modem is going to be "admin" & "admin" or "admin" & "password"...
What really needs to be done here is that, by default, the device should not be able to connect to the Interwebz with the default settings. If nothing else, have the external web/console interface blocked... "Security through obscurity", including an odd http/https port is only so effective... And most of the time, in my little bit of experience, it is not that obscure... Once the device is out there, its configuration will be scrutinized and, in most cases, prodded by hackers & crackers alike, for "security" concerns.
And don't give me the "Oh, it's Linux. Secure by default!" bit. Any operating system is only as secure as the person controlling it. If you were to have no clue as to how an internal combustion engine works, would you take on the task of rebuilding your (gas-guzzling) car's engine? Most likely not... Why would you think that you could secure your Internet connection if you have no knowledge of how the Internet and, even more than that, people work?
Just another bad thought...
Cheers!
--Stak
Holy happy hippy crap!
So if Conficker owns Windows boxen it's because Windows is awful and shoddy. But if CN owns Linux boxen it's because they are "misconfigured". Grow up, /.
This is not a self-referential sig.
"Because the Chuck Norris botnet lives in the router's RAM, it can be removed with a restart.
Users who don't want to be infected can mitigate the risk -- the simplest way of doing this is by using a strong password on the router or modem."
1 - disconnect from internet
2 - reset the router by removing the power for thirty seconds.
3 - change the router's password.
If you've never changed the router's settings:
You could rtfm (read the fine manual).
You can usually get to the router's settings from your browser. Try typing 192.168.1.1 into the browser's URL bar.
The browser will present you with a logon screen. The user name is often blank and the password is often 'admin'. That's the password you want to change. Don't change the password that logs you onto the internet. Stick a piece of tape onto the router and write on the new user name and password.
4 - ???
5 - profit!
(sorry, I got carried away)
doesn't need computers in his Botnet, he just ...er infects routers and modems...
and my all time favorite:
Chuck Norris doesn't do push ups. He pushes the planet down.
The logical action one takes after reading a newspost such as this is to fix the holes/bugs mentioned in TFA. But...if it all happens in the name of Chuck Norris, should one really dare?
The Leonidas botnet and the Techno Viking botnet team up to fight the Vin Diesel botnet and the Mr T botnet.
The winner gets to rip Chuck Norris apart.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Either the effects of insomnia are finally sending me over the edge or this is my favorite /. thread ever. Besides, has anyone ever seen a Chuck Norris roundhouse? No, because you can't.
..I can not merely see him suffering Silent Rage (1982) over having a botnet named after him. He will attempt to get the researcher in a legal Code of Silence (1985) using A Force of One (1979) lawyer who will no doubt be Top Dog (1995) in his field.
No, they don't leave the default setting, but since they set every single machine to have a password of "password1" it's actually worse than using the default. Defaults occasionally change from model to model.
The old Westell modems they used to use derived their passwords from the MAC address in a predictable way.
Fuckers are basically clueless.
Please sell the movie rights to your idea.
Now you've got me thinking... There needs to be a movie, starring Chuck Norris, of course, and a whole slew of people who'll get paid tons of cash due to their notoriety but be left out of the opening credits, where Chuck goes on a non-stop beyond-godlike multinational testosterone-fueled spree of death and pillage, without care for his own safety, in a man-with-nothing-to-lose odyssey to obtain some personally invaluable McGuffin, with obvious spots of intrigue and investigation, HUGE explosions that he just walks out of, and small tactical nukes that he disarms using nothing but his beard, all while his hands are tied behind his back (for the challenge, not because he couldn't break or slip the bonds).
Something like a cross between Taken and 300, only so much manlier that he makes Leonidas look like a pussy.
The world needs more awesome, gripping, extremely manly films that have good plots, and I submit that a decent director and screenwriter need to put Chuck into this role. For all our sakes.
Boot Windows, Linux, and ESX over the network for free.
You are allowed to surf the net, because Chuck Norris let you.
There are a lot of comments here laying the blame on dumb users, and I agree that they're often at fault, but sometimes the ISPs are to blame. I once had a cable provider (Brightstar, in Seattle) that gave me a combination modem/router that only had an extremely basic admin interface available - the only thing I could change was the WPA password. However, if you SSH'd in to the router from the outside (and only from the outside), you could log in with the default administrator username and password (found through google) and reconfigure almost everything through a horribly undocumented text interface. There's almost no way for a normal user to figure this out or change it, and if they did change the password, the ISP (who almost certainly is using this interface for mass-management) would probably be pretty upset.
Times like this make me grateful that I've chosen to use Windows instead of Linux.
Jack Bauer could do better than Chuck Norris. :-P
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
I have yet to see a router or dsl modem distributed by an ISP in the US that DIDN'T use the default user/password. First thing I did when I got mine was find the (undocumented) way to change the password.
So pretty much the entire US is vulnerable to this...
Hook, line and sinker ... I'm a sucker for CH jokes:
1. Who's the only person who can slam a revolving door? A: Chuck Norris
2. When an episode of Walker Texas Ranger was aired in France, the French surrendered to Chuck Norris just to be on the safe side.
3. Superman can compress coal into diamonds. Pffft. Chuck Norris can stretch diamonds back out into coal.
4. Chuck Norris maintains a concealed weapons license in all 50 states just to legally wear pants.
etc
L'esperienza de questa dolce vita (The experience of this sweet life) - Dante Alighieri, The Divine Comedy
First the universe comes into being once again when Chuck wakes up. He proceeds to scare the time-space fabric out of his way until he reaches the kitchen where he stares down the coffee pot till it spontaneously brews coffee. Grabbing a chicken from his hen house out back he round house kicks it, catching the subsequently, and perfectly, made sunny side up eggs in his mouth after they have flown around the world in 14 seconds. He boldly enters his home through a revolving door which he slams upon glancing at the paper's headline "Chuck Norris Botnet".
He waits momentarily while the planet shifts upwards to place Chuck into his sofa as he grabs the phone. The phone out of sheer terror immediately dials the Italian PM whose normal black phone begins to glow a dark burgundy. Trembling, the Italian PM picks up the phone when suddenly Chuck grabs him by the throat THROUGH the phone stating simply, "I am about to give Italy a taste of my boot if you do not bring me this program by noon."
Stammering the PM says, "But that's madness, it's 11:58 AM here!"
Chuck smiles, "Madness? THIS IS NORRIS!" and round-house kicks the PM, again through the phone, so hard he finally lands in Sparta.
The programmer was never heard from again... he apparently caught the first computer-to-human transmittable virus called the NORRIS-1C virus which causes you to spontaneously explode as if round house kicked...
-=[ Who Is John Galt? ]=-
... just how poor implementation decisions compromise security. Take any OS and install it with an easily obtainable root password and guess what? What could the manufacturers have been thinking that makes any kind of sense?
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
When I read this headline I imagined A stack of 15 routers on two cinderblocks and Chuck chopping through the whole stack.
-- QED
distributed by an ISP in the US that DIDN'T use the default user/password
I disagree.. the ISP supplied modem and router/modem combo have either a unique modem access code, or require you to create a password upon setting it up. (at least that's the way AT&T does it).. It's when people buy a modem or router themselves (usually to save a buck) that they end up with something that has the easily guessed username & password.
waiting for ad.doubleclick.net
The 2wire DSL routers that AT&T installs have a unique factory-programmed WPA key and admin password. They're printed on a label on the bottom of the router.
The Internet needs a firewall to protect itself from Chuck Norris.
Right now Chuck Norris-infected machines can be used to attack other systems on the Internet, in what are known as distributed denial of service attacks. The botnet can launch a password-guessing dictionary attack on another computer, and it can also change the DNS (Domain Name System) settings in the router. With this attack, victims on the router's network who think they are connecting to Facebook or Google end up redirected to a malicious Web page that then tries to install a virus on their computers.
Which I guess is actually pretty clever. The botnet recruits routers with minimal effort, and gets about as much out of them as it can. Unfortunately for the botnet masters the technique has an obvious Achilles' heel:
Because the Chuck Norris botnet lives in the router's RAM, it can be removed with a restart
Although they also mention
It is controlled via IRC
Which is pretty common for a lot of botnets. This does leave an obvious prevention tactic for ISPs; they could ship out routers configured to reject all IRC traffic. They likely wouldn't receive any complaints as anyone who uses IRC would likely know how to check their routers to ensure the traffic is allowed.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
safe from Chuck Norris??
Bruce Schneier.
in Chuck Norris' network there is no router... packets route themselves out of respect for Chuck Norris...
I'd like to tap the powers of the Slashdot hivemind in seeing whether I might have been roundhouse-kicked by Chuck Norris; ie. has my router been rooted?
A few years ago I bought a Linksys WRT54GL router, in support of it being explicitly Linux compatible (in fact, I bought two of them --I really wanted to send a message to Linksys). I flashed DD-WRT onto it, and had been using it as a usual router through my DSL line, with DHCP, wireless (at first WEP but later WPA), and port forwarding (a high-numbered port would forward from the Internet into the SSH port 22 on my server).
Lately I have had two problems with it: in the past half to one year, I haven't been able to SSH from outside into my server (I can do it within my home network, so the SSH server is not the problem). More recently, I tried to do something-or-other on the net (I think it was play a BZFlag game?) and it said, "Your IP address, , is known to be an open proxy relay so we're not letting you connect."
If I suspect that the problems I've been having are due to malware/crackers, am I being paranoid?
Possible flaws in my security include: I enabled SSHd on the router, password based SSH (but I changed the default password of course), I was broadcasting my wireless SSID (required because my wife's vaunted MS Vista system didn't know how to handle hidden SSID's!), and I was using an old version of DD-WRT that I hadn't bothered to update. (I think it was Build#4000 or something, and the current build is #16000 or something.) However: I only briefly allowed SSH access from the Internet WAN and otherwise limited to SSH access from LAN, and I did not allow router admin access by wireless: the computer would have to be connected by ethernet.
Does DD-WRT have security flaws? Should I switch to something else like OpenWRT or the Tomato Router (or something like that)?
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
This story smells like a hoax to me. All the reports seem to be the same, offering no real evidence that such a botnet exists. Knowing the admin password allows a local attacker to configure the router and even upload a custom firmware, but remotely zombifying routers is much more difficult.
His chin is another fist, and it disguised itself by growing a beard.
It's like the Chinese proverb of the Perfect Spear versus the Impenetrable Shield thing, you just don't go there. That's why no boxers ever boxed Chuck Norris with his arms and legs tied, just like no wrestlers would wrestle Mike Tyson.
In the NY area at least, all the Verizon DSL Modems are at factory defaults.
So maybe the problem is only with certain ISPs.
Wait.
Isn't the syntactically correct way of saying this:
Chuck Norris does not get a PC virus. PCs get a Chuck Norris virus.
My ISP-provided has a web interface that I can't disable despite my efforts and a tech support backdoor always open. :(
o hai
While it's beyond doubt that Chuck Norris would win in a fight between him and Linux-Based routers. He would have a tougher time if more systems administrators would use KeePass. That should be an interview question and vendors should know better than having default passwords. Otherwise, Chuck Norris will kick your ass.
If you had everything you wanted, you'd just want more.
This sucks because many people ignore those devices since they are installed by the ISP.
I don't even think about them. I want them to do as little as possible.
Ruben
http://www.mrbrklyn.com/amsterdam.html http://www.brooklyn-living.com