psyb0t worm on Linksys

More information has surfaced about the botnet “psyb0t,” the first known to be capable of directly infecting home routers and cable/DSL modems.

It was first observed infecting a Netcomm NB5 modem/router in Australia.

The Word is spreading of Psyb0t that is going around and compromising the home routers with the default login for the device. According to published numbers around 80,000-100,000 Linksys and Netgear routers have been affected by Psyb0t. It is important note there are a couple of criteria that must be met before your router can be exploited via Psyb0t. First, the router must be a MIPS device (x86 devices are not vulnerable to Psyb0t). Second, it has to be configured to be administered remotely (from the internet, not the local LAN), and third it needs to be using the default password that the device was originally configured with (a common insecure practice).

Although Psyb0t is the first botnet alleged to be exploiting home routers, the concept of compromising routers with default passwords is not a new one.

At their core, these home routers are mini computers, susceptible to attack and infection if proper precautions are not made to protect them. Default passwords for just about every router made are trivial to find on the internet. In fact, there are sites setup, like, that allow you to select the manufacturer of the router and it will tell you the default password based on their known models. Be sure to secure all layers of your home or business (plenty of SOHO businesses use standard Cable/DSL modems for their internet connectivity) network. Never assume that this is being done by someone else or that it is someone else's responsibility. The default settings on most of the gear that you will buy are setup such that initial access and administration of the device is easy (reduces support costs and angry customers). From there it is up to you to make sure best practices are followed to keep your network and data secure from outside intrusion.

No comments:

Post a Comment