N.B. I sent an email out last week mentioning this to some folks, but it bears repeating.
There’s a relatively new “botnet” called Psyb0t that is making the rounds mostly in Europe, South America and Asia, that attacks poorly-secured routers that use a specific Linux implementation. Infected routers experience the botnet as a DDoS (Distributed Denial of Service) attack. It is, at this time, not thought to have gotten much penetration into North America, but taking common sense steps to secure your router is easy and ought to be done in any case. ANY router/firewall that uses the specific Linux protocols this botnet targets is vulnerable UNLESS it is properly secured.
The good news is that proerly securing a router/firewall from infection by this botnet is a trivial task.
First, cycle any suspect router (unplug it and wait at least 30 seconds to up to a few minutes before plugging it in again). Apply the latest firmware updates available from the router manufacturer, make sure you have a strong admin password (see below) on the router, and if there’s an option for remote management, make sure it is NOT enabled, unless you have a VERY good reason and do have a strong password at the very least.
Never, never, NEVER install a router and leave it with the default password/logon. Never.
These simple, trivial steps will keep the Psyb0t malware from infecting your router(s). And even if your router doesn’t use the particular protocol this botnet attacks, these simple steps are a Very Good Thing in any case.
A partial list of potentially vulnerable routers/firewalls is available here. Do note I said “potentially vulnerable”. Some of these routers may not use the “little-endian” Linux protocol the botnet targets, and your particular routers/firewalls may already be properly secured.
A strong password will have a minimum of eight characters that are a mixture of upper and lower case letters, numbers and/or symbols that do NOT spell out a word in any language (as far as you can tell–who knows every language? :-)). ANYTHING based on your own personal history, preferences or that of family members is not a good idea, either, as a general practice. And if you must write down passwords, always write them in a notebook that is kept under lock and key, and maintain strict control of the key.
Never share a password without changing it after the reason for sharing it has passed. Indeed, changing passwords on a regular basis on critical devices is a Very Good Thing.
One Reply to “This is NOT an April Fools’ Joke”