The routers are in turn controlled via servers which are in China and the United States. The researchers thought initially that the routers were acquired via a vulnerability in the firmware. Further investigation showed, however, that all devices were accessible through the standard ports HTTP and SSH. Was not changed in almost all cases the default password.
Thus, the attackers were able to install the "MrBlack" malware on the routers. In addition, a script on the hijacked routers installed it looked for other vulnerable routers. To avoid getting users advised to change the default password such attacks, install the latest firmware and ensure that the operator interface is not accessible via HTTP or SSH. Something that through this tool can be controlled.
No comments:
Post a Comment