A 100,000-Router Botnet Is Feeding On a 5-Year-Old UPnP Bug In Broadcom Chips

An anonymous reader quotes a report from Ars Technica: A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made from a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light. Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means. Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail.

Re:Is mine one of them?

[ledow]

No.

They don't.

And if they do, stop buying them.

But they don't.

Literally, it's "auto-port-forwarding". Any printer that NEEDS that, you don't want. Not even Google Cloud Print requires that.

WPS is entirely unrelated.
UPnP "Discovery" over the local network is entirely unrelated (and not affected by turning off UPnP on the router) - that's the only mention of UPnP that I can find on any of Canon's sites... they are talking about allowing UPnP through the software firewall on a client machine so it can talk over the local network - NOT on the router at all.