Police dismantles botnet selling hacked routers as residential proxies

Parkinsond

Thread author
Dec 6, 2023
Court documents show that the now-dismantled botnet infected older wireless internet routers worldwide with malware since at least 2004, allowing unauthorized access to compromised devices to be sold as proxy servers on Anyproxy.net and 5socks.net. The two domains were managed by a Virginia-based company and hosted on servers globally.


@Marko :)
 
Read the article(s) carefully.
"Recently, some routers at end of life, with remote administration turned on, were identified as compromised by a new variant of TheMoon malware. This malware allows cyber actors to install proxies on unsuspecting victim routers and conduct cyber crimes anonymously," the FBI said.
Have you ever wondered why your router has a built-in firewall? Exactly for cases like this. If you turn the firewall off, your router page will be available to anyone typing just your IP address into the address bar of their web browser. These hacked routers even had the remote administration feature enabled, which made their job even easier. And I bet they had an admin/pass combo for login.

If they had enabled the firewall, disabled remote administration, and set a secure account username and password, then even with outdated firmware hackers wouldn't have been able to install malicious firmware on those routers. Simple as that.

Take a look at my country (Croatia) on the map Bleeping Computer published. We are in the white, while neighboring Slovenia is blue. Now... I don't know the policy in Slovenia, but in Croatia, ISPs tend to limit the settings users can change. You can't turn the firewall off, you can't enable remote administration; heck, even the option to upgrade the firmware is gone. The default account details are changed too (usually the ISP name and the serial number of the device; these are written on the bottom of the router). This is why we don't have hacked routers.
 
I have my modem router firewall set to max.
But unfortunately, some of the remote management options are greyed out; I unticked the remainder.

[Attachment: 2025-05-11_01-29-13.png, screenshot of the router's remote management settings]
 
Let me guess... you got this router from an ISP?

They control these remote management settings because they need access in order to help you if something goes wrong. I just hope they have protections in place so hackers can't abuse them, as was the case with Cox, where their remote access API was vulnerable to attack.

Our ISPs do the same, but have strong protections in place because of EU law. They don't want to be fined and then sued by the users.
 
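The two conditions Marko's posts above turn on (an admin page reachable by typing your public IP into a browser, and an ISP-controlled remote management channel that the user cannot switch off) can be verified from outside the LAN instead of guessed at from the router's settings page. The script below is an added example written for this thread; it is not from the BleepingComputer article, the FBI alert, or any forum member. The port list, the service labels, and the three-way verdict (admin interface exposed / only the ISP's TR-069 channel reachable / nothing reachable) are assumptions of the example, not a standard. Run it from a host that is not behind your router (a phone on mobile data, or a VPS) against your public IP.

```python
"""WAN-side exposure check for a home router's management services.

Added example for this thread (not the article's or the FBI's code).
Run it from OUTSIDE your LAN against your public IP. From inside the LAN,
NAT hairpinning can make the admin page look reachable when it is not
exposed to the internet, and vice versa.
"""
import socket
import sys
from typing import Callable, Dict, Iterable, List

# Ports commonly used for router administration. The labels are descriptive
# assumptions of this example, not an authoritative registry.
MANAGEMENT_PORTS: Dict[int, str] = {
    22: "SSH admin",
    23: "Telnet admin (cleartext)",
    80: "HTTP admin page",
    443: "HTTPS admin page",
    8080: "alternate HTTP admin page",
    8443: "alternate HTTPS admin page",
    7547: "TR-069/CWMP (ISP remote management)",
}

# Any of these reachable from the WAN is the "type your IP into the address
# bar" situation from the thread: the admin interface is on the internet.
ADMIN_PORTS = {22, 23, 80, 443, 8080, 8443}

TR069_PORT = 7547


def tcp_connect(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(host: str, ports: Iterable[int] = MANAGEMENT_PORTS,
         connect: Callable[[str, int], bool] = tcp_connect) -> List[int]:
    """Return the sorted list of ports that accept a TCP connection.

    `connect` is injectable so the decision logic can be exercised offline.
    """
    return sorted(p for p in ports if connect(host, p))


def assess(open_ports: Iterable[int]) -> Dict[str, object]:
    """Classify a scan result.

    - "exposed_admin": web/SSH/Telnet administration reachable from the WAN,
      the state the FBI alert describes (remote administration turned on).
    - "isp_remote_mgmt": only the TR-069 port answers, i.e. the ISP's own
      management channel; acceptable only if the ISP side is protected.
    - "closed": nothing answers; the firewall/NAT is doing its job.
    """
    open_set = set(open_ports)
    if open_set & ADMIN_PORTS:
        verdict = "exposed_admin"
    elif TR069_PORT in open_set:
        verdict = "isp_remote_mgmt"
    else:
        verdict = "closed"
    return {
        "verdict": verdict,
        "open": sorted(open_set),
        "findings": [f"{p}/tcp {MANAGEMENT_PORTS.get(p, 'unknown')}"
                     for p in sorted(open_set)],
    }


def check_router(host: str,
                 connect: Callable[[str, int], bool] = tcp_connect) -> Dict[str, object]:
    """Scan the management ports of `host` and classify the result."""
    return assess(scan(host, connect=connect))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <your-public-ip>")
    result = check_router(sys.argv[1])
    print(f"{sys.argv[1]}: {result['verdict']}")
    for line in result["findings"]:
        print("  open:", line)
```

A "closed" verdict only says that nothing is listening toward the internet on those ports; it says nothing about the firmware itself. Seeing 7547 open on an ISP-supplied device is normal, and is exactly the case where the user is trusting the ISP's side of the remote management setup rather than their own settings.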
I doubt they have 🥺
 