Slashdot Mirror


Linux/Moose Worm Targets Routers, Modems, and Embedded Systems

An anonymous reader writes: Security firm ESET has published a report on new malware that targets Linux-based communication devices (modems, routers, and other internet-connected systems) to create a giant proxy network for manipulating social media. It's also capable of hijacking DNS settings. The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+. Affected router manufacturers include: Actiontec, Hik Vision, Netgear, Synology, TP-Link, ZyXEL, and Zhone. The researchers found that even some medical devices were vulnerable to the worm, though it wasn't designed specifically to work with them.

2 of 110 comments (clear)

  1. Not news... Use better passwords. by NotARealUser · · Score: 5, Interesting

    This is not a story, and not really a Linux problem. The worm relies on weak passwords to execute code. This is about as newsworthy as telling me that car thieves found a way to exploit Fords that have the keys left in them.

  2. Re:Requires... by bobbied · · Score: 4, Interesting

    Remote management login+password. Telnet connection.

    Neither of which is enabled on our TP-Link router.

    As far as you know.... Unfortunately there are some (dare we say MOST) people out there which don't know enough to turn off such nonsense, not to mention ISP's (like Verizon) who actually open ports unbeknownst to the end user so they can remotely manage your router when you call them with a technical support issue...

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101