
Linksys home broadband kit worm

Comments

  • Closed Accounts Posts: 1,788 ✭✭✭White Heart Loon




  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    Heh, yeah. I dropped the exploit a few hours after reversing the sample: http://pastebin.com/raw.php?i=6GDbYfmB

    This was shortly followed by "Rew" dropping a second exploit which used the echo -ne stager I had redacted from mine to cripple it a bit. Although, the bind-shell payload is unreliable over WAN as most of these things have firewalls.

    On the funny side, I noticed that the binaries seem to come with lists of IP ranges to scan, and seem to have rather elegantly put together networking protocols using SSL and suchlike, along with a whole "protocol" of messages for infected routers to tell each other. Honestly looks to me like this is the "stage one" of a peer to peer botnet attempt using the routers. The code quality is also excellent, although the binaries should have been packed a little to save on space...

