Psyb0t or Bluepill hacks and infects home networks with bots to act at its bidding.
Wednesday, March 25, 2009 08:30 AM PDT
A computer worm has been discovered that can infect 55 different home-based routers and DSL/cable modems including common brands like Linksys and Netgear.
Believed to have originated in Australia and known as “psyb0t” or Bluepill, this is the first worm known to be able to infect residential routers and modems.
Psyb0t is armed with 6,000 common usernames and 13,000 popular passwords that it tries in various combinations to gain entry to your home network. Most home-based routers will give you unlimited attempts to get the username and password correct, making these devices an ideal target for infection. Also, unlike your PC, your router and modem are running 24 hours a day, meaning psyb0t has a relatively unlimited amount of time to try to gain access.
If that wasn’t frightening enough, psyb0t is reportedly very hard to detect and most home users will be unaware that they’re infected. Like other worms, psyb0t is designed to infect systems and then carry out commands given by its author, creating what is known as a botnet. There may not be much cause for alarm, though, as APC Magazine is reporting that the botnet capabilities for this worm are no longer active. At its height, psyb0t was suspected of controlling 80,000 to 100,000 systems.
The DroneBL blog — a real-time tracker that looks for botnets — says the threat psyb0t poses or could have posed is overstated. DroneBL believes this is not an “end of the world, all routers are vulnerable” thing. But the appearance of psyb0t is troubling because it is so hard to detect and could be used to steal “personally identifying information,” the blog adds.
While the threat posed by psyb0t may not be high, it is still extremely important to take precautionary measures against this kind of attack. The best way to protect yourself is to make sure you are not using the default password and username that came with your equipment. Consult the materials that came with your device or the manufacturer’s website for instructions on how to change your username and password. If you’re worried you have been infected, a simple factory reset of your device will kill the worm.
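The weakness described above is that most home routers allow unlimited login attempts. As an added illustration (not from the original article or from any router firmware), the sketch below shows how a per-source lockout that doubles after each failure changes the time needed to work through a 6,000 by 13,000 credential list; the class name, thresholds and source address are assumptions.

```python
# Added illustration; class name, thresholds and source address are assumptions,
# not taken from the article or from any router firmware.
DICTIONARY_SIZE = 6000 * 13000  # username x password pairs cited in the article


class LoginThrottle:
    """Per-source lockout that doubles after each failure past a free quota."""

    def __init__(self, free_attempts=5, base_lockout=30, max_lockout=3600):
        self.free_attempts = free_attempts
        self.base_lockout = base_lockout   # seconds
        self.max_lockout = max_lockout     # seconds
        self._state = {}                   # source -> (failures, locked_until)

    def lockout_for(self, failures):
        """Seconds a source must wait after its Nth consecutive failure."""
        if failures < self.free_attempts:
            return 0
        doublings = min(failures - self.free_attempts, 20)  # keep the shift small
        return min(self.base_lockout << doublings, self.max_lockout)

    def allowed(self, source, now):
        """True if this source may attempt a login at time `now`."""
        return now >= self._state.get(source, (0, 0))[1]

    def record(self, source, success, now):
        """Update state after an attempt; a success clears the counter."""
        if success:
            self._state.pop(source, None)
            return
        failures = self._state.get(source, (0, 0))[0] + 1
        self._state[source] = (failures, now + self.lockout_for(failures))


def seconds_to_try(throttle, attempts):
    """Least time one source needs for `attempts` failed logins when it
    retries the instant each lockout expires."""
    total = 0
    for failures in range(1, attempts):
        wait = throttle.lockout_for(failures)
        if wait >= throttle.max_lockout:
            # Every remaining gap costs the capped lockout.
            return total + wait * (attempts - failures)
        total += wait
    return total


if __name__ == "__main__":
    years = seconds_to_try(LoginThrottle(), DICTIONARY_SIZE) / (365 * 24 * 3600)
    print(f"Full dictionary from one source: about {years:,.0f} years")
```

Throttling of this kind slows a single source only. A device still using its default username and password would be guessed within the first few attempts, which is why changing those credentials remains the primary fix.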