Large DDoS Botnet Of Tens Of Thousands Of Routers Discovered

Researchers have discovered a worldwide botnet consisting of tens of thousands of hijacked routers and is used to carry out DDoS attacks on websites. Reported security Incapsula in a new report . Although the hijacked routers were found in 109 different countries, found that a majority (85%) is located in Brazil and Thailand.

The routers are in turn controlled via servers which are in China and the United States. The researchers thought initially that the routers were acquired via a vulnerability in the firmware. Further investigation showed, however, that all devices were accessible through the standard ports HTTP and SSH. Was not changed in almost all cases the default password.

Thus, the attackers were able to install the "MrBlack" malware on the routers. In addition, a script on the hijacked routers installed it looked for other vulnerable routers. To avoid getting users advised to change the default password such attacks, install the latest firmware and ensure that the operator interface is not accessible via HTTP or SSH. Something that through this tool can be controlled.