Security News Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw

Solarquest

A sophisticated proxy code has infected hundreds of thousands of devices already.

A fresh botnet is spreading across the landscape, targeting router equipment. So far, hundreds of thousands of bot endpoints have already been identified, and they’re apparently being marshaled to send out massive amounts of spam.

The botnet first emerged in September, according to 360Netlab telemetry, which dubbed it BCMUPnP_Hunter. It’s so-named because of its penchant for infecting routers that have the Broadcom Universal Plug and Play (UPnP) feature enabled. The botnet takes advantage of a known vulnerability in that feature, which was discovered in 2013.

Multilayered Proxy Architecture
...
...

A closer look at the scans shows that 116 different types of devices have been infected, including router models from ADB, Broadcom, D-Link, Digicom, Linksys/Cisco, NetComm, UTStarcom, ZyXEL and others.

To protect against botnet infection, users should update their routers to the latest firmware versions.
 

spaceoctopus

Those guys doing all this bad stuff, they know that it is a weak spot in someone's security. Usually we take precautions concerning our devices such as PCs and smartphones, but rare are those who take a closer look at their router.

@ticklemefeet Most ISPs sadly behave like that, perhaps because it is they who 'own' the internet connection. So they do what they want until there is a serious problem or some important backlash from the users.
 

Solarquest

The problem is most companies do not update their routers, and even test companies do not release all the info and thereby just protect "lazy" companies... e.g. some weeks ago the ACI provided scary facts... I asked them to specify what models did not have vulnerabilities... they said they won't... maybe in the next test if manufacturers don't fix them till then.
In my opinion this does not make any sense, definitely for a consumer institute that should protect consumers.
How can you buy a (at the moment) safe router if they don't tell you which tested model had no known vulnerabilities???


Security Alert - New study finds 5 of every 6 routers are inadequately updated for security flaws
 

McLovin

The only reason I use my ISP's router is because when the NBN (internet) goes down it has a SIM card you can put in, so I use the 4G network towers when the internet goes down. Mind you, I will be swapping to Ubiquiti products soon.
 
