Slashdot Mirror


Chuck Norris Attacks Linux-Based Routers, Modems

angry tapir writes "Discovered by Czech researchers, the Chuck Norris botnet has been spreading by taking advantage of poorly configured routers and DSL modems. The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris,' which means 'in the name of Chuck Norris.' Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs. It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."


  1. As far as misleading headlines go by DavidR1991 · · Score: 5, Funny

    this one really takes the cake!

    1. Re:As far as misleading headlines go by somersault · · Score: 5, Funny

      Actually, I think Chuck Norris would take the cake and use it to asphyxiate the headline, before drop-kicking said headline into the sun.

      --
      which is totally what she said
    2. Re:As far as misleading headlines go by suso · · Score: 5, Insightful

      Yes, this is very misleading. I thought that maybe the Linux network stack was suddenly vulnerable or something, but you're just talking about it taking advantage of default passwords, which is pretty old if you ask me.

      This doesn't necessarily mean that say a Linux router that was installed on PC class hardware and has been kept up to date and properly secured is vulnerable to this botnet.

    3. Re:As far as misleading headlines go by Anonymous Coward · · Score: 5, Funny

      I've also got to question the sense of naming a botnet like this. Sure it's memorable, but what's to stop Chuck Norris from taking legal action against the researchers who coined the name? I certainly wouldn't want my name associated with a criminal enterprise.

      ...Chuck Norris is a fictional character...

    4. Re:As far as misleading headlines go by spartacus_prime · · Score: 5, Funny

      Actually, I think Chuck Norris would take the cake and use it to asphyxiate the headline, before roundhouse kicking said headline into the sun.

      Fixed that for you.

      --
      If you can read this, it means that I bothered to log in.
    5. Re:As far as misleading headlines go by Dunbal · · Score: 4, Insightful

      Amazing how posts get modded insightful even though they take no time to explain their position.

      The mod system shares the same flaw as democracy: Morons also have a vote.

      --
      Seven puppies were harmed during the making of this post.
    6. Re:As far as misleading headlines go by FlyingBishop · · Score: 2, Funny

      Bigger problem is the inability to change your vote, and locating positive and negative mods in close proximity to each other so it's easy to accidentally mod someone up/down with no recourse.

    7. Re:As far as misleading headlines go by jeffmeden · · Score: 2, Insightful

      I will take a shot at this, although I am not the OP. The botnet has little to do with Chuck Norris OR Linux in particular, only that these names come up when investigating it. It is a run of the mill botnet, it takes advantage of default/weak passwords.

    8. Re:As far as misleading headlines go by BlueTrin · · Score: 2, Insightful

      I am not sure that it is very different to democracy ...

      --
      Don't you know it is now both immoral and criminal to think beyond the next quarterly report?
    9. Re:As far as misleading headlines go by andi75 · · Score: 3, Informative

      If you really screwed up moderating, just post a reply in the same thread, that will undo all your moderations.

    10. Re:As far as misleading headlines go by ooshna · · Score: 5, Funny

      ...Chuck Norris is a fictional character...

      That's what they said about the fist in his beard

    11. Re:As far as misleading headlines go by AttilaSz · · Score: 2, Funny

      Yes, he is played by Bruce Schneier.

      --
      Sig erased via substitution of an identical one.
    12. Re:As far as misleading headlines go by Ltap · · Score: 2, Informative

      Actually, he's Carlos Ray Norris and was born in 1940. The actor has the same name as most of his characters. Chuck Norris plays, well, Chuck Norris. Therefore they could even get the double whammy (or roundhouse kick?) of an infringement AND a libel lawsuit.

      --
      Yet Another Tech Blog
      (but so much more, including game and movie reviews)
      http://yanteb.peasantoid.org
    13. Re:As far as misleading headlines go by Archangel+Michael · · Score: 2, Insightful

      Morons also have a vote

      Bush/Cheney
      Obama/Biden

      I see your point. Thanks for depressing me further.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    14. Re:As far as misleading headlines go by Dunbal · · Score: 2, Informative

      If only we could do that with politicians....

      Well apparently adding Sarah Palin to your ballot will undo most of your political votes, too.

      --
      Seven puppies were harmed during the making of this post.
  2. Is anything by AllyGreen · · Score: 3, Funny

    safe from Chuck Norris??

    1. Re:Is anything by hvm2hvm · · Score: 4, Funny

      If Chuck Norris ever fights himself (like if he goes back in time) he will win. End of story.

      --
      ics
    2. Re:Is anything by Culture20 · · Score: 2, Insightful

      Imagine a Beowulf cluster of time traveling Chuck Norrises fighting each other.

      Please sell the movie rights to your idea. I. Want. To. See. That.

  3. the REAL Chuck Noris by bsDaemon · · Score: 5, Funny

    The REAL Chuck Noris wouldn't have to guess the default password, he'd just round-house kick the modem until it let him in without it.

    1. Re:the REAL Chuck Noris by Anonymous Coward · · Score: 5, Funny

      There is no password behind Chuck Norris' router, there is only another fist.

    2. Re:the REAL Chuck Noris by L4t3r4lu5 · · Score: 4, Funny

      Chuck Norris has no need of a router. He simply stares at an inexpensive hub until it starts packet switching out of fear.

      His last hub was only rebooted once. Rebooted into the sun.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    3. Re:the REAL Chuck Noris by whrde · · Score: 2, Insightful

      I thought "Chuck Norris" WAS the master password to all the websites on the internet. Or was that just facebook?

  4. Re:I wonder by MustardAndPizza · · Score: 4, Funny

    Duh! Very small rocks.

  5. Stupid jokes incoming in 3...2...1... by selven · · Score: 2, Funny

    Not even Bruce Schneier can protect your router from Chuck.

    1. Re:Stupid jokes incoming in 3...2...1... by krou · · Score: 5, Funny

      The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris,' which means 'in the name of Chuck Norris.'

      In other news, an Italian programmer was found dead after taking Chuck Norris's name in vain.

      --
      'If Christ had tweeted the sermon on the mount, it might have lasted until nightfall.' - John Perry Barlow
    2. Re:Stupid jokes incoming in 3...2...1... by rubycodez · · Score: 4, Funny

      ...with the impression of a foot in the side of his head

  6. non Linux based routers by viralMeme · · Score: 3, Insightful

    "It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."

    Does this botnet attack also work on non Linux based routers, and if so, what is the logic behind the subject line?

    1. Re:non Linux based routers by Flibberdy · · Score: 5, Informative

      "It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access." Does this botnet attack also work on non Linux based routers, and if so, what is the logic behind the subject line?

      No, It requires the router to be running Linux on a MIPS system.

    2. Re:non Linux based routers by langelgjm · · Score: 2, Informative

      It doesn't help that standard installs of Comcast and Verizon FiOS provided routers not only leave the default administrative usernames and passwords intact, but also enable only WEP security. I know people claim that they have to do this because of compatibility, but really, has anyone bought anything in the last five years that doesn't support WPA? I've seen techs enable WEP for a person with a single Macbook.

      Granted, they don't enable remote access, but really, what is so hard about writing down passwords and taping them to the bottom of the router?

      --
      "Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
    3. Re:non Linux based routers by Nursie · · Score: 3, Informative

      Apparently the nintendo DS, unless some sort of update has been released, only does WEP.

      This is not a good thing.

    4. Re:non Linux based routers by Anonymous Coward · · Score: 2, Informative

      but really, has anyone bought anything in the last five years that doesn't support WPA?

      Yes. The Nintendo DS and DS Lite only support WEP. They launched in 2004 and 2006, respectively. Only the third iteration of the device (the DSi) has WPA support, but it's less than a year old, and the DS Lite seems to still be selling.

    5. Re:non Linux based routers by morgan_greywolf · · Score: 3, Informative

      Not so.

      For example, some Linksys routers run Linux, but others run a proprietary VxWorks-based OS. They're all, to my knowledge, based on MIPS processors.

    6. Re:non Linux based routers by Anderu67 · · Score: 2, Interesting

      There's no way to update the DS, as the wi-fi stack is built into each game cartridge. Chances are you wouldn't be using a DS online enough to want to lower your security though...

    7. Re:non Linux based routers by petermgreen · · Score: 2, Informative

      It's worse than that, on the DS games drive the wifi hardware directly so while the DSi does support WPA you can only use it in games that specifically support it.

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    8. Re:non Linux based routers by Svartalf · · Score: 2, Informative

      Currently the Botnet is using the Linux routers- but it's not an overall stretch, if there's any firmware update ability, to imagine someone injecting a similar beastie into the VxWorks versions of the routers if the remote admin functionality is turned on. All that is needed then is configuring to reflash and then doing the same- then the router would be compromised.

      Just because it's VxWorks, it doesn't make it magically safe from being added to the Botnet. It's just that it's not being done now.

      --
      I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
    9. Re:non Linux based routers by Bootarn · · Score: 2, Informative

      One solution is to set up two access points: one with WEP, which is locked down to only access the external network, and only for certain ports, and one with WPA2, which can also access the internal network. Some routers can host multiple virtual access points (multiple interfaces), so there's no need for extra hardware in that case.

      This setup has worked well for me with my DS in the past, although I didn't limit the port range on the WEP access point.
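
The two-segment setup described in the comment above, as an added example that is not part of the original post: a default-deny iptables ruleset that lets a WEP-only legacy SSID reach the Internet on listed ports only, keeps router administration off the WAN and legacy interfaces, and a small lint that checks those invariants. The interface names (`eth0`, `br-lan`, `wlan0-1`) and the port lists are assumptions.

```shell
#!/bin/sh
# Added example: firewall for a router hosting a trusted WPA2 SSID and a
# WEP-only legacy SSID. Interface names and ports below are assumptions.
WAN_IF="${WAN_IF:-eth0}"            # uplink to the ISP
LAN_IF="${LAN_IF:-br-lan}"          # trusted WPA2 segment (internal network)
LEGACY_IF="${LEGACY_IF:-wlan0-1}"   # WEP virtual access point
LEGACY_TCP_PORTS="${LEGACY_TCP_PORTS:-80,443}"   # the "certain ports" (assumed)

# Emit the ruleset in iptables-restore format.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Router administration is reachable from the trusted segment only
-A INPUT -i ${LAN_IF} -p tcp -m multiport --dports 22,80,443 -j ACCEPT
# DNS and DHCP served by the router to both wireless segments
-A INPUT -i ${LAN_IF} -p udp -m multiport --dports 53,67 -j ACCEPT
-A INPUT -i ${LEGACY_IF} -p udp -m multiport --dports 53,67 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Trusted segment may reach the Internet
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -j ACCEPT
# Legacy segment: listed ports, Internet only, never the internal network
-A FORWARD -i ${LEGACY_IF} -o ${WAN_IF} -p tcp -m multiport --dports ${LEGACY_TCP_PORTS} -j ACCEPT
COMMIT
EOF
}

# Lint a ruleset read from stdin against the invariants the setup relies on.
# Returns 0 when all hold, 1 (with a message) on the first violation.
check_rules() {
    rules=$(cat)
    # 1. Forwarding must be default-deny.
    printf '%s\n' "$rules" | grep -q -- '^:FORWARD DROP' || {
        echo "FORWARD policy is not DROP"; return 1; }
    # 2. Nothing may be forwarded from the legacy segment into the LAN.
    if printf '%s\n' "$rules" |
        grep -Eq -- "^-A FORWARD .*-i ${LEGACY_IF} .*-o ${LAN_IF} .*-j ACCEPT"; then
        echo "legacy segment can reach the internal network"; return 1
    fi
    # 3. No TCP service on the router (admin UI, SSH) may be accepted from
    #    the WAN or from the legacy segment.
    if printf '%s\n' "$rules" |
        grep -Eq -- "^-A INPUT .*-i (${WAN_IF}|${LEGACY_IF}) .*-p tcp .*-j ACCEPT"; then
        echo "router TCP service exposed on WAN or legacy interface"; return 1
    fi
    return 0
}

# Typical use, as root on the router:
#   gen_rules | check_rules && gen_rules | iptables-restore --test
```

Drop `--test` to commit the rules once the dry run parses cleanly; a device that needs UDP game traffic would need a matching `-p udp` rule on the legacy segment.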

  7. Re:And will the Bruce Lee Bot Net be fighting it? by Xemu · · Score: 4, Funny

    Will it be involved in some botnet tournament, fighting over Linksys, D-Link and Netgear routers in a winner takes all competition?

    That would be the "Highlander" botnet

    --
    Tell your friends about xenu.net
  8. Wow, wasn't aware Chuck Norris was a botnet by knewter · · Score: 4, Funny

    Am I the only one who was entirely terrified by this headline?

    --
    -knewter
  9. Try lack of jurisdiction by damn_registrars · · Score: 3, Informative

    what's to stop Chuck Norris from taking legal action against the researchers who coined the name?

    International boundaries, for one. Likely the author of the software for the botnet does not reside in the US (if that person's location is even known). Chuck Norris can take all the legal action he wants within the US against the botnet author or botnet master, it generally won't mean squat if they are in a different country.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:Try lack of jurisdiction by Sique · · Score: 2, Insightful

      Moreso if anyone ever is able to detain the author and the deployer of the software and the operator of the botnet, then the nicknaming of it will be the least of their problems.

      --
      .sig: Sique *sigh*
    2. Re:Try lack of jurisdiction by FluffyWithTeeth · · Score: 2, Insightful

      His name is only written in the source code, which I doubt anyone cares about. The issue is the researchers who decided to call it "The Chuck Norris Botnet" and then publish papers about it, using that name.

    3. Re:Try lack of jurisdiction by cbiltcliffe · · Score: 3, Insightful

      Despite *our* ability to easily determine that the name has little to actually do with Chuck Norris, a less informed individual wouldn't be able to.

      And that is exactly the problem with the legal system.

      Since when is it my responsibility to make sure you're educated in all the correct fields so that you don't get offended, or misinterpret something I say?

      The fact that someone who's not informed could misunderstand me should not be able to present me with any legal problems at all.

      Unfortunately, it does, because the system sucks.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  10. Have we found his one weakness? by L4t3r4lu5 · · Score: 2, Funny

    Is Chuck Norris really defeated by changing the admin password on your home router?!

    That would have made Bruce Lee's job a lot easier.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  11. So, and I'm guessing here... by stakovahflow · · Score: 2, Insightful

    ---
    Note to Consumers:

    I'm just guessing that the user name is "admin", "Admin", "root", or "user" and the password is either "password", "admin", or "actiontec"...

    I've set up some of those modems/routers, mainly for people who went to Best Buy (EEK!) and thought "Hey! That's exactly what I'm looking for! That will work great for my Verizon DSL connection! Hey, it's got the Verizon logo right there!"...

    FAIL!

    !!!!!!!!!!!
    Beware anything branded by an ISP, to begin with... And most devices created for a not-so-security-savvy consumer... If all else fails, have a pro come in and set it up for you...
    They will be able to have you reset the password and set up some sort of encryption/authentication for your wireless network...
    !!!!!!!!!!!

    The problem here is that the default username & password for almost every new (Home-based) router or modem is going to be "admin" & "admin" or "admin" & "password"...

    What really needs to be done here is that, by default, the device should not be able to connect to the Interwebz with the default settings. If nothing else, have the external web/console interface blocked... "Security through obscurity", including an odd http/https port is only so effective... And most of the time, in my little bit of experience, it is not that obscure... Once the device is out there, its configuration will be scrutinized and, in most cases, prodded by hackers & crackers alike, for "security" concerns.

    And don't give me the "Oh, it's Linux. Secure by default!" bit. Any operating system is only as secure as the person controlling it. If you were to have no clue as to how an internal combustion engine works, would you take on the task of rebuilding your (gas-guzzling) car's engine? Most likely not... Why would you think that you could secure your Internet connection if you have no knowledge of how the Internet and, even more than that, people work?

    Just another bad thought...

    Cheers!

    --Stak

    --
    Holy happy hippy crap!
  12. Chuck Norris... by DarthVain · · Score: 2, Funny

    doesn't need computers in his Botnet, he just ...er infects routers and modems...

    and my all time favorite:

    Chuck Norris doesn't do push ups. He pushes the planet down.

  13. Re:Linux fanism by mikechant · · Score: 2, Informative

    So if Conficker owns Windows boxen it's because Windows is awful and shoddy. But if CN owns Linux boxen it's because they are "misconfigured".

    Given that Conficker exploited actual bugs in Windows which MS had to patch, and that 'Chuck Norris' is exploiting the fact that certain appliance suppliers deliberately 'configured' Linux with a fixed and known id and password, the statement above that you deride is *in this particular case* clearly accurate.

    You do understand the difference between an actual bug causing a security problem and a deliberate choice to 'leave the front door open' don't you?

  14. Re:Linux fanism by slimjim8094 · · Score: 2, Informative

    Conficker exploited Windows machines with an unpatched security hole. True, Microsoft had patched the hole but it shouldn't have been there in the first place.

    Using a default password to gain what is technologically legitimate access to the operating system is not a vulnerability.

    It's like phishing - the fact that someone is too stupid to use online banking safely doesn't imply that their computer was hacked.

    --
    I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
  15. Chuck Norris will want Forced Vengeance (1982)... by saboola · · Score: 3, Funny

    ..I can not merely see him suffering Silent Rage (1982) over having a botnet named after him. He will attempt to get the researcher in a legal Code of Silence (1985) using A Force of One (1979) lawyer who will no doubt be Top Dog (1995) in his field.

  16. The manliest movie ever? by RulerOf · · Score: 2, Insightful

    Please sell the movie rights to your idea.

    Now you've got me thinking... There needs to be a movie, starring Chuck Norris, of course, and a whole slew of people who'll get paid tons of cash due to their notoriety but be left out of the opening credits, where Chuck goes on a non-stop beyond-godlike multinational testosterone-fueled spree of death and pillage, without care for his own safety, in a man-with-nothing-to-lose odyssey to obtain some personally invaluable McGuffin, with obvious spots of intrigue and investigation, HUGE explosions that he just walks out of, and small tactical nukes that he disarms using nothing but his beard, all while his hands are tied behind his back (for the challenge, not because he couldn't break or slip the bonds).

    Something like a cross between Taken and 300, only so much manlier that he makes Leonidas look like a pussy.

    The world needs more awesome, gripping, extremely manly films that have good plots, and I submit that a decent director and screenwriter need to put Chuck into this role. For all our sakes.

    --
    Boot Windows, Linux, and ESX over the network for free.
  17. Not always the user's fault by dlgeek · · Score: 2, Interesting

    There are a lot of comments here laying the blame on dumb users, and I agree that they're often at fault, but sometimes the ISPs are to blame. I once had a cable provider (Brightstar, in Seattle) that gave me a combination modem/router that only had an extremely basic admin interface available - the only thing I could change was the WPA password. However, if you SSH'd in to the router from the outside (and only from the outside), you could log in with the default administrator username and password (found through google) and reconfigure almost everything through a horribly undocumented text interface. There's almost no way for a normal user to figure this out or change it, and if they did change the password, the ISP (who almost certainly is using this interface for mass-management) would probably be pretty upset.

  18. Jack Bauer by antdude · · Score: 2, Funny

    Jack Bauer could do better than Chuck Norris. :-P

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  19. There goes my karma by abbynormal+brain · · Score: 2, Funny

    Hook, line and sinker ... I'm a sucker for CH jokes:

    1. Who's the only person who can slam a revolving door? A: Chuck Norris
    2. When an episode of Walker Texas Ranger was aired in France, the French surrendered to Chuck Norris just to be on the safe side.
    3. Superman can compress coal into diamonds. Pffft. Chuck Norris can stretch diamonds back out into coal.
    4. Chuck Norris maintains a concealed weapons license in all 50 states just to legally wear pants.
    etc

    --
    L'esperienza de questa dolce vita (The experience of this sweet life) - Dante Alighieri, The Divine Comedy