Re: Can a router be 'infected'?



From: "Todd H." <comphelp@xxxxxxxxx>


| Yes, a router can be infected. See below.

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
Yes, there is some 3rd party firmware for a couple of Wireless
Linksys Routers. So there is the possibility that a malicious
firmware could be conceived.

| David,

| You're a bit behind on this impression, I'm afraid. It's way more than
| a couple. And it's way more than Linksys:
| http://www.dd-wrt.com/wiki/index.php/Supported_Devices

| OpenWRT and Tomato are other popular third party open source firmware
| distros that are basically stripped down Linux for the Broadcom
| platform.

| And to the original poster's question, yes, there are worms for
| routers. dd-wrt main page has a link to the psybot worm:
| http://www.dd-wrt.com/dd-wrtv3/index.php
| specifically
|
| http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/1-common/31-router-worm.html


Thank you Todd. You provided information that shows I'm NOT up-to-date and wrong.
http://www.adam.com.au/bogaurd/PSYB0T.pdf

"As described in the Drone BL Blog the worm works with a brute force attack using
dictionary based random passwords"..."As far as we know the worm does not yet install
itself resistant ..."

http://www.eset.com/threat-center/blog/?p=810
"This bot looks interesting, though, in that it doesn't seem to target PCs (at least, not
for recruiting as drones): instead, it targets routers and DSL modems, containing
shellcode for a number of mipsel devices (that is, devices running on an architecture
supported by some flavours of embedded linux), and including some wrinkles that would make
it difficult for a home user to get back control of their router, even if they became
aware of the problem."


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

