Author Topic: Linksys Security Alerts  (Read 1729 times)

Alex Allen

Linksys Security Alerts
« on: February 18, 2014, 03:19:44 pm »
FYI to Owners of Linksys Business Routers:

A self-replicating worm is spreading among a number of different Linksys home and small business routers. Researchers at the SANS Institute reported the outbreak 2-17-2014 and have not been able to determine whether there is a malicious payload or if the worm connects to a command and control server. Johannes B. Ullrich, chief technology officer at SANS, said the worm appears at the moment to be doing little more than scanning for other vulnerable routers and seeding itself. “The vulnerability allows the unauthenticated execution of arbitrary code on the router. We haven’t published all the details about the vulnerability yet as it appears to be unpatched in many routers,” Ullrich said, adding that Linksys has been notified.

Ullrich said an Internet service provider in Wyoming alerted SANS to the unusual network activity and SANS researchers were able to capture samples of the worm in its honeypots. SANS released an early list of vulnerable routers that could be vulnerable depending on the firmware version they’re running: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, and E900.

When EPS is given permission to control or access routers remotely, we normally only allow remote access to the router Administration page from our static IP range or 1 static IP in range, depending on router. As for your home routers, Linksys does not expose port 8080 by default so should be safe from this Worm. I will follow up in the upcoming days on what unfolds as they figure out what it is doing.

Alex

Information extracted from http://threatpost.com/moon-worm-spreading-on-linksys-home-and-smb-routers/104268