Wednesday, March 25, 2009

psyb0t

Is it a robot from a sci-fi book or a character from Futurama? Nope, it's worse! This is an IRC bot that infects routers. You read that right. The idea is that a. people leave their routers on all of the time, even when they shut down their PCs, and b. most people don't keep an eye on their router cuz it should just run. It appears to be doing so by taking advantage of vulnerabilities in applications that run on the router, such as phpMyAdmin or MySQL. You can read more at the following two links (at the time of this writing I couldn't get to the first, which is the group noted for the discovery; the second includes excerpts from members of that group):

Dronebl

irc-junkies

I can't say I'm surprised. I worked on a contract for a company, who shall remain nameless to protect the innocent, who was running FatPipe load balancers which were taken over by a bot, almost 2 years ago. We really didn't do analysis on it to know where it was going, but I know it was bot activity, as blocking normal IRC ports on the core router stopped the traffic. It's a great but fiendish idea. Make sure your passwords are not easy to guess and keep up on the software/firmware updates for your routers! There are some suggestions for lowering your probability of infection on the Dronebl site.
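A router or load balancer has no reason to open IRC sessions, so that traffic is worth alerting on before it has to be blocked. The following is an added example, not from the original post: it flags outbound IRC-port connections from network devices in flow records. The log format, device addresses, internal range and port list are all assumptions.

```python
import ipaddress

# Assumption: ports commonly used by IRC servers (6667 is the usual default,
# 6697 the usual TLS port). A bot can use any port; this is a first-pass filter.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Assumption: management addresses of routers/load balancers (constructed).
INFRA_DEVICES = {"10.0.0.1", "10.0.0.2"}
# Assumption: address space considered internal at this site.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample flow records: "timestamp src dst proto dport"
SAMPLE_FLOWS = """\
2009-03-25T02:14:07 10.0.0.1 198.51.100.23 tcp 6667
2009-03-25T02:14:09 10.0.5.44 198.51.100.23 tcp 6667
2009-03-25T02:15:30 10.0.0.2 203.0.113.9 tcp 443
2009-03-25T02:16:02 10.0.0.2 10.0.9.8 tcp 6667
2009-03-25T02:17:45 10.0.0.2 203.0.113.77 tcp 6697
garbage line
2009-03-25T02:18:00 10.0.0.1 198.51.100.23 udp 6667
"""

def find_infra_irc(flows_text):
    """Return (ts, src, dst, port) for infrastructure devices that opened
    TCP connections to external hosts on IRC ports."""
    hits = []
    for line in flows_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of aborting the scan
        ts, src, dst, proto, dport = parts
        try:
            port = int(dport)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if proto != "tcp" or port not in IRC_PORTS:
            continue
        if src not in INFRA_DEVICES:
            continue  # a workstation may run an IRC client; a router should not
        if any(dst_ip in net for net in INTERNAL_NETS):
            continue  # only connections leaving the network are of interest
        hits.append((ts, src, dst, port))
    return hits

if __name__ == "__main__":
    for hit in find_infra_irc(SAMPLE_FLOWS):
        print("ALERT infrastructure device speaking IRC:", hit)
```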
