Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.


    Advertisement

    Results 1 to 9 of 9

    Worm directed at home routers, modems

    This is a discussion on Worm directed at home routers, modems within the Sky Broadband help forums, part of the Sky Broadband help and support category; The Register is running an item on a new and potentially very dangerous worm that's directed at Routers/Modems rather than ...

    1. #1
      dms05's Avatar
      dms05 is offline Sky User Beta tester
      Exchange: 0151
      Broadband ISP: Other ISP
      Router: Non Sky Router
      Sky TV: Other
      Join Date
      Dec 2007
      Location
      Wirral
      Posts
      1,692
      Thanks
      12
      Thanked 52 Times in 50 Posts

      Worm directed at home routers, modems

      The Register is running an item on a new and potentially very dangerous worm that's directed at Routers/Modems rather than the computer. It says "Vulnerable devices include any home router or modem that uses Linux Mipsel, has an administration interface, sshd, or telnet in a DMZ, and employs a weak password".

      As by default almost all Routers use Admin as the User_Name and a simple Password then by default manyl home networks are vunerable.

      So at the very least change your SSID and use a Secure Password.

      The full article is Worm breeds botnet from home routers, modems ? The Register


    2. Advertisement
    3. #2
      Undecided Adrian's Avatar
      Undecided Adrian is offline Sky User Member
      Exchange: Stevenage
      Broadband ISP: BT
      Router: Non Sky Router
      Sky TV: Sky+ HD
      Join Date
      May 2007
      Posts
      2,539
      Thanks
      1
      Thanked 23 Times in 21 Posts

      Re: Worm directed at home routers, modems

      Yeah NewScientist ran a similar story months ago, apparently one researcher reckoned they could knock out about 40% of New York in about 1 day.

      Good job I don't use wireless any more and that it's turned off.
      I'm a PC, and Windows 7 Backup saved my sanity when BitDefender imploded !!!

    4. #3
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,131
      Thanks
      64
      Thanked 1,641 Times in 1,602 Posts

      Re: Worm directed at home routers, modems

      I don't think this applies to wireless networks. According to the research document it applies to certain routers, the Netcomm NB5 ADSL in particular, although other devices can be effected. The attack comes 'down the wire' so to speak.

      Netcomm NB5 ADSL http://www.adam.com.au/bogaurd/PSYB0T.pdf

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      http://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





    5. #4
      Proppinupthebar's Avatar
      Proppinupthebar is offline Sky User Beta tester
      Exchange: Locks Heath
      Broadband ISP: Sky Max
      Router: Sagem F@ST 2504
      Sky TV: 2*Sky+, Sky+ HD
      Join Date
      Nov 2007
      Posts
      962
      Thanks
      1
      Thanked 4 Times in 4 Posts

      Re: Worm directed at home routers, modems

      So no problem if you haven't enabled remote management. In fact I don't seem to be able to turn on remote management on my Sagem V2.

    6. #5
      dms05's Avatar
      dms05 is offline Sky User Beta tester
      Exchange: 0151
      Broadband ISP: Other ISP
      Router: Non Sky Router
      Sky TV: Other
      Join Date
      Dec 2007
      Location
      Wirral
      Posts
      1,692
      Thanks
      12
      Thanked 52 Times in 50 Posts

      Re: Worm directed at home routers, modems

      This isn't a problem with Wireless it's a problem for anyone who access the Internet using a Modem with or without a Router. It's the first of a new type of attack that can only get worse as the worm developers become more expert and release more advanced versions. The psyb0t worm is just a first attempt. I'm sure someone will release a list of modem/routers that are liable to attack but in the short term the simple answer is to change the default settings for SSID and the User_Name and/or Password. As many routers have <admin> as a fixed User_Name then applying a secure Password would seem sensible.

    7. #6
      Proppinupthebar's Avatar
      Proppinupthebar is offline Sky User Beta tester
      Exchange: Locks Heath
      Broadband ISP: Sky Max
      Router: Sagem F@ST 2504
      Sky TV: 2*Sky+, Sky+ HD
      Join Date
      Nov 2007
      Posts
      962
      Thanks
      1
      Thanked 4 Times in 4 Posts

      Re: Worm directed at home routers, modems

      Quote Originally Posted by dms05 View Post
      This isn't a problem with Wireless it's a problem for anyone who access the Internet using a Modem with or without a Router. It's the first of a new type of attack that can only get worse as the worm developers become more expert and release more advanced versions. The psyb0t worm is just a first attempt. I'm sure someone will release a list of modem/routers that are liable to attack but in the short term the simple answer is to change the default settings for SSID and the User_Name and/or Password. As many routers have <admin> as a fixed User_Name then applying a secure Password would seem sensible.
      But as I've already said its only a problem if you have remote management turned on. Remote management allows people on the internet access to the GUI's via the username and password, if its turned off then no access except from the internal LAN.

    8. #7
      dms05's Avatar
      dms05 is offline Sky User Beta tester
      Exchange: 0151
      Broadband ISP: Other ISP
      Router: Non Sky Router
      Sky TV: Other
      Join Date
      Dec 2007
      Location
      Wirral
      Posts
      1,692
      Thanks
      12
      Thanked 52 Times in 50 Posts

      Re: Worm directed at home routers, modems

      I think the point of this worm is it attacks the PC first and gains access to the LAN from the user side, it then infects the router/modem and allows external access (maybe by turning the Remote Management on?). In any case a simple change of SSID and Password will make you much more secure - as it always did, but how many people bothered?

    9. #8
      Undecided Adrian's Avatar
      Undecided Adrian is offline Sky User Member
      Exchange: Stevenage
      Broadband ISP: BT
      Router: Non Sky Router
      Sky TV: Sky+ HD
      Join Date
      May 2007
      Posts
      2,539
      Thanks
      1
      Thanked 23 Times in 21 Posts

      Re: Worm directed at home routers, modems

      That's what the detailed report said, when they did a site survey of Manhatten they found a shocking large amout of routers sent in default states which could be got at with little or no problems.
      I'm a PC, and Windows 7 Backup saved my sanity when BitDefender imploded !!!

    10. #9
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,131
      Thanks
      64
      Thanked 1,641 Times in 1,602 Posts

      Re: Worm directed at home routers, modems

      But as I've already said its only a problem if you have remote management turned on. Remote management allows people on the internet access to the GUI's via the username and password, if its turned off then no access except from the internal LAN.
      I don't think that is the case according to the report telnet access is the weak link-
      Not all versions of the NB5 are susceptible to this attack. If the modem presents a telnet interface to its WAN interface, and the default password has not been changed, then it is susceptible.
      I think the Sky routers have Telnet disabled by default so they should be safe from this type of attack. Changing the password is of course recommended. The 'backdoor' discovered by James some months ago is probably a more severe threat, at least to the V1 routers.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      http://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





     

     

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2017. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION