When credentials are found and remote administration has been turned on, the exploit then makes the routers part of a botnet that's used in a host of online attacks, researchers said on Tuesday.

Muhstik has also been caught using vulnerabilities in routers that use Gigabit Passive Optical Network (GPON) or DD-WRT software. The botnet has also exploited previously patched vulnerabilities in other server applications, including WebDAV, WebLogic, Webuzo, and WordPress.

The ability to work with virtual private networks and provide advanced quality of service control makes Tomato popular with end users and in some cases router sellers.
Remote administration is turned off by default in Tomato and DD-WRT, so exploits require this setting to be changed. The infection also causes the routers to scan the Internet for servers or devices running vulnerable WordPress, Webuzo, or WebLogic packages. The image below shows the execution flow of the new variant as it combines various modules that scan the Internet for vulnerable servers.

Muhstik relies on multiple command-and-control domains and IP addresses, presumably for redundancy in the event one gets taken down. The Muhstik name comes from a keyword that pops up in the exploit code.

End users should be cautious when installing open source firmware and must follow the security guidelines in the firmware manual. Although Muhstik has been known to exploit firmware vulnerabilities in GPON and DD-WRT, there's no indication the new variants are using any flaws in Tomato. That suggests that weak passwords are the sole means the botnet has for taking control of routers. People should make sure they have replaced the default credentials with a strong password.