Slashdot Mirror


Attackers Install Highly Persistent Malware Implants On Cisco Routers

itwbennett writes: Researchers from Mandiant have detected a real-world attack that has installed rogue firmware on Cisco business routers in four countries. The router implant, dubbed SYNful Knock, implements a backdoor password for privileged Telnet and console access and also listens for commands contained in specifically crafted TCP SYN packets — hence the name SYNful Knock. In the cases investigated by Mandiant the SYNful Knock implant was not deployed through a vulnerability, but most likely through default or stolen administrative credentials.

2 of 168 comments

  1. Really? by EmeraldBot · Score: 3, Funny

    hence the name "SYNful Knock"

    ACK! That pun was SYNful too!

    --
    "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
  2. Re:'highly persistent' by bobbied · Score: 5, Funny

    Hyperbole much?

    Yes, we ALWAYS do, EVERY time, without fail and without exception.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101