Slashdot Mirror


Linux/Moose Worm Targets Routers, Modems, and Embedded Systems

An anonymous reader writes: Security firm ESET has published a report on new malware that targets Linux-based communication devices (modems, routers, and other internet-connected systems) to create a giant proxy network for manipulating social media. It's also capable of hijacking DNS settings. The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+. Affected router manufacturers include: Actiontec, Hik Vision, Netgear, Synology, TP-Link, ZyXEL, and Zhone. The researchers found that even some medical devices were vulnerable to the worm, though it wasn't designed specifically to work with them.

7 of 110 comments

  1. Finally, a use for facebook. by BarbaraHudson · Score: 5, Funny

    The people controlling the system use it for selling "follows," "likes," and so forth on social media sites like Twitter, Instagram, Vine, Facebook, and Google+.

    I like it :-)

    --
    "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  2. No worries mate by Anonymous Coward · Score: 5, Informative

    The Moose worm does not rely upon any underlying vulnerability in the routers – it is simply taking advantage of devices that have been weakly configured with poorly chosen login credentials.

    1. Re:No worries mate by cusco · Score: 4, Informative

      The simple fact that you can leave the device with a default password encompasses several levels of stupidity. 1) Programmers who do not require the password to be changed, 2) Manufacturers who will install that firmware, 3) Customers who leave it that way. Level 3 shouldn't even be possible except for stupidity and laziness in Levels 1 and 2.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  3. So basically . . . by Anonymous Coward · Score: 4, Funny

    . . . turn on remote administration and leave the default username/password and you get m00sed? Cool.

    A Møøse once bit my sister... No realli! She was Karving her initials on the møøse with the sharpened end of an interspace tøøthbrush given her by Svenge - her brother-in-law - an Oslo dentist and star of many Norwegian møvies: "The Høt Hands of an Oslo Dentist", "Fillings of Passion", "The Huge Mølars of Horst Nordfink"...

  4. Not news... Use better passwords. by NotARealUser · Score: 5, Interesting

    This is not a story, and not really a Linux problem. The worm relies on weak passwords to execute code. This is about as newsworthy as telling me that car thieves found a way to exploit Fords that have the keys left in them.

    1. Re:Not news... Use better passwords. by gstoddart · Score: 4, Insightful

      Oh, I don't know ... the steaming shitpile which is the state of security on consumer electronics bears repeating.

      Because apparently it isn't going to go away any time soon.

      --
      Lost at C:>. Found at C.
  5. Re:Requires... by bobbied · Score: 4, Interesting

    Remote management login+password. Telnet connection.

    Neither of which is enabled on our TP-Link router.

    As far as you know... Unfortunately there are some (dare we say MOST) people out there who don't know enough to turn off such nonsense, not to mention ISPs (like Verizon) who actually open ports unbeknownst to the end user so they can remotely manage your router when you call them with a technical support issue...

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101