Security News Widely used D-Link modem/router under mass attack by potent IoT botnet

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://arstechnica.com/information-technology/2018/06/widely-used-d-link-modemrouter-under-mass-attack-by-potent-iot-botnet/
Malicious hackers are mass exploiting a critical vulnerability in D-Link DSL routers in an attempt to make them part of Satori, the potent Internet-of-things botnet that is used to take down websites and mine digital coins, researchers said.

Since making its debut late last year, Satori has proven to be a particularly versatile and sophisticated botnet. It made a name for itself in December when it infected more than 100,000 Internet-connected devices in just 12 hours by exploiting remote code-execution vulnerabilities in Huawei and RealTek routers. A month later, Satori operators released a new version that infected devices used to mine digital coins, proving that the IoT botnet could also take control of more traditional computing devices. In February, Satori resurfaced when it infected tens of thousands of routers manufactured by Dasan Networks.
Click to expand...

Over the past five days, researchers said, Satori has started mass exploiting a critical vulnerability in the D-Link DSL 2750B, a combination router and DSL modem that’s used by subscribers of Verizon and other ISPs. Attack code exploiting the two-year-old remote code-execution vulnerability was published last month, although Satori’s customized payload delivers a worm. That means infections can spread from device to device with no end-user interaction required. D-Link’s website doesn’t show a patch being available for the unindexed vulnerability, and D-Link representatives didn’t respond to an email seeking comment for this post.


Researchers with Netlab 360 first reported Satori was exploiting the D-Link vulnerability in a blog post published Friday. They also said Satori had started exploiting a vulnerability in a router made by XiongMai. On Tuesday, researchers from Radware reported seeing an “exponential increase in the number of attack sources” for attacks on both the D-Link and XiongMai devices.
Click to expand...
 
  • Like
Reactions: Daviworld, Weebarra, silversurfer and 3 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
The D-Link router is pretty old and it's latest firmware is from 15/05/2013 and as I doubt D-Link will bother release an update it's probably best to throw this out and change if possible. If Verizon wants to supply routers it's also there damn responsibility IMO to have routers that gets regular updates or otherwise don't supply it at all.

DSL‑2750B - Wireless N300 ADSL2+ Modem Router
 
  • Like
Reactions: Daviworld, oldschool, LASER_oneXM and 3 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
D-Link WiFi range extender vulnerable to command injection attacks
Replies
0
Views
1,158
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
MuzzMelbourne
    • Like
    • +Reputation
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices
Replies
2
Views
1,140
News Archive
vtqhtr413
vtqhtr413
Gandalf_The_Grey
    • Like
Mozi malware botnet goes dark after mysterious use of kill-switch
Replies
1
Views
531
News Archive
ForgottenSeer 97327
F

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top