Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lizard Stresser DDoS-for-Hire Service Built On Hacked Home Routers

Posted by Soulskill on from the go-change-your-parents'-router-credentials dept.

tsu doh nimh writes: The online attack service launched late last year by the same criminals who knocked Sony and Microsoft's gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, reports Brian Krebs. From the story: "The malicious code that converts vulnerable systems into stresser bots is a variation on a piece of rather crude malware first documented in November by Russian security firm Dr. Web, but the malware itself appears to date back to early 2014. As we can see in that writeup, in addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as 'admin/admin,' or 'root/12345.' In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials.

7 of 65 comments (clear)

  1. Dark side by ArcadeMan · · Score: 5, Funny

    the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as 'admin/admin,' or 'root/12345.'

    Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!

    --
    Get free satoshi (Bitcoin) and Dogecoins
    1. Re:Dark side by Anonymous Coward · · Score: 3, Funny

      the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as 'admin/admin,' or 'root/12345.'

      Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!

      President Skroob: Did it work? Where's the king?
      Dark Helmet: It worked, sir. We have the combination.
      President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?
      Colonel Sandurz: 1-2-3-4-5
      President Skroob: 1-2-3-4-5?
      Colonel Sandurz: Yes!
      President Skroob: That's amazing. I've got the same combination on my luggage.

  2. Re:Why a default? by Anonymous Coward · · Score: 4, Funny

    Because it would be an exceptionally onerous burden to bear to, say, randomly generate a password that gets printed on a piece of paper that ships with the router.

    We are not gods, after all.

  3. Re:Why a default? by ledow · · Score: 4, Insightful

    You already have to do that with the MAC, the s/n, etc. so what difference does it make?

    Just make the default password be the serial number of the device.

  4. Re:Why a default? by vux984 · · Score: 4, Insightful

    Why do all routers of the same model need to come with the same initial credentials?

    It makes printing the manual and setup instructions easier.

    It makes writing any 'plug-in-and-configure' style utilities easier.

    It makes providing support easier.

    It saves a step of changing the password for each unit after its made and flashed, documenting the new password, and including a printout of that new password in the shipping materials.

  5. Re:Why a default? by richy+freeway · · Score: 3

    I'll just leave this here : http://www.cbits.co.uk/ourblog...

  6. Re:Why a default? by Fwipp · · Score: 4, Insightful

    I'd like to see the router simply refuse to communicate with the outside world until that username/password combo is changed. You can print the default user/password right on the device, so when you forget the password you can simply reset to factory settings - and trying to access any site will instead redirect you to a "Hey, change this password!" notice.