Stealth Router-based Botnet Discovered

The guys over at DroneBL, a realtime monitor of abusable IPs, have discovered a botnet they are calling “psyb0t”.

We have come across a botnet worm spreading around called “psyb0t”. It is notable because, according to my knowledge, it:

  • is the first botnet worm to target routers and DSL modems
  • contains shellcode for many mipsel devices
  • is not targeting PCs or servers
  • uses multiple strategies for exploitation, including bruteforce username and password combinations
  • harvests usernames and passwords through deep packet inspection
  • can scan for exploitable phpMyAdmin and MySQL servers

Vulnerable is any Linux MIPSel routing device that has the router administration interface or sshd or telnetd in a DMZ, which has weak username/passwords (including OpenWRT/DD-WRT devices).

Read the whole thing HERE
