Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux/Moose Worm Targets Routers, Modems, and Embedded Systems

Posted by Soulskill on from the moose-is-the-penguin's-natural-enemy dept.

An anonymous reader writes: Security firm ESET has published a report on new malware that targets Linux-based communication devices (modems, routers, and other internet-connected systems) to create a giant proxy network for manipulating social media. It's also capable of hijacking DNS settings. The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+. Affected router manufacturers include: Actiontec, Hik Vision, Netgear, Synology, TP-Link, ZyXEL, and Zhone. The researchers found that even some medical devices were vulnerable to the worm, though it wasn't designed specifically to work with them.

9 of 110 comments (clear)

  1. Finally, a use for facebook. by BarbaraHudson · · Score: 5, Funny

    The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+.

    I like it :-)

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  2. No worries mate by Anonymous Coward · · Score: 5, Informative

    The Moose worm does not rely upon any underlying vulnerability in the routers – it is simply taking advantage of devices that have been weakly configured with poorly chosen login credentials.

    1. Re:No worries mate by cusco · · Score: 4, Informative

      The simple fact that you can leave the device with a default password encompasses several levels of stupidity. 1) Programmers who do not require password to be changed, 2) Manufacturers who will install that firmware, 3) Customers who leave it that way. Level 3 shouldn't even be possible except for stupidity and laziness in Level 1 and 2.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
    2. Re:No worries mate by fuzzyfuzzyfungus · · Score: 3, Interesting

      It's news not because of OS(I don't know if they bothered; but exploits at the 'just use the default password against the external telnet interface' level would work against basically any OS, and the only real obstacle to executing a payload with the functions described would be that some of the really nasty VXworks-based devices are so RAM-starved that they can barely do their job, much less run malware at the same time); but because the security of nearly all 'consumer', and a disturbing number of more expensive, embedded devices is still utter shit.

      It is bad enough that such plastic-box devices typically are shipping software well behind the curve(2.6X kernels, http servers with vulnerabilities that were closed upstream months before the device in question was released, that sort of thing); but 'default configuration leaves telnet listening on the WAN port, with weak credentials for root login' goes well beyond 'bug' and right into 'We Just Don't Care' territory. Even better, the same damn story has been true for at least the past decade, probably longer(though its importance has increased as the cost has fallen and number of little embedded boxes lurking around has skyrocketed).

      At least on the desktop and server, some of the worst insecure-by-default atrocities have been ironed out, so attackers are now moderately likely to need to use vaguely clever vulnerabilities(even if they can often get away with ones that were patched months ago) or social engineering; but embedded crap hasn't even reached that level of security.

      The fact that telnet is even there(outside of 'recovery' scenarios, where the emergency nature of the situation and availability of only the most limited resources make super-simple protocols like telnet and TFTP valuable) when OpenSSH has been available for the last 15 years, and less liberally licensed versions a bit longer, is disgusting in itself. Having it on the WAN, much less by default, is just depraved.

  3. So basically . . . by Anonymous Coward · · Score: 4, Funny

    . . . turn on remote administration and leave the default username/password and you get m00sed? Cool.

    A Møøse once bit my sister... No realli! She was Karving her initials on the møøse with the sharpened end of an interspace tøøthbrush given her by Svenge - her brother-in-law - an Oslo dentist and star of many Norwegian møvies: "The Høt Hands of an Oslo Dentist", "Fillings of Passion", "The Huge Mølars of Horst Nordfink"...

  4. Not news... Use better passwords. by NotARealUser · · Score: 5, Interesting

    This is not a story, and not really a Linux problem. The worm relies on weak passwords to execute code. This is about as newsworthy as telling me that car thieves found a way to exploit Fords that have the keys left in them.

    1. Re:Not news... Use better passwords. by gstoddart · · Score: 4, Insightful

      Oh, I don't know ... the steaming shitpile which is the state of security on consumer electronics bears repeating.

      Because apparently it isn't going to go away any time soon.

      --
      Lost at C:>. Found at C.
    2. Re:Not news... Use better passwords. by countSudoku() · · Score: 3, Funny

      Okay, here you go:

      I routinely "break into" fellow admin's Windows systems when they leave without locking their screen! Fucking Windows!

      --
      This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
  5. Re:Requires... by bobbied · · Score: 4, Interesting

    Remote management login+password. Telnet connection.

    Neither of which is enabled on our TP-Link router.

    As far as you know.... Unfortunately there are some (dare we say MOST) people out there which don't know enough to turn off such nonsense, not to mention ISP's (like Verizon) who actually open ports unbeknownst to the end user so they can remotely manage your router when you call them with a technical support issue...

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101