Nasty New Worm Targets Home Routers, Cable Modems

Psyb0t or Bluepill hacks and infects home networks with bots to act at its bidding.

Ian Paul
Wednesday, March 25, 2009 08:30 AM PDT
PCWorld.com Article

A computer worm has been discovered that can infect 55 different home-based routers and DSL/cable modems including common brands like Linksys and Netgear.

Believed to have originated in Australia and known as “psyb0t” or Bluepill, this is the first worm known to be able to infect residential routers and modems.

Psyb0t is armed with 6000 common usernames and 13,000 popular passwords that it tries in various combinations to gain entry to your home network. Most home-based routers will give you unlimited attempts to get the username and password correct, making these devices an ideal target for infection. Also, unlike your PC, your router and modem are running 24 hours a day, meaning psyb0t has a relatively unlimited amount of time to try to gain access.

If that wasn’t frightening enough, psyb0t is reportedly very hard to detect and most home users will be unaware that they’re infected. Like other worms, psyb0t is designed to infect systems and then carry out commands given by its author, creating what is known as a botnet. There may not be much cause for alarm, though, as APC Magazine is reporting that the botnet capabilities for this worm are no longer active. At its height, psyb0t was suspected of controlling 80,000 to 100,000 systems.

The DroneBL blog — a real-time tracker that looks for botnets — says the threat psyb0t poses or could have posed is overstated. DroneBL believes this is not an “end of the world, all routers are vulnerable” thing. But the appearance of psyb0t is troubling because it is so hard to detect and could be used to steal “personally identifying information,” the blog adds.

While the threat posed by psyb0t may not be high, it is still extremely important to take precautionary measures against this kind of attack. The best way to protect yourself is to make sure you are not using the default password and username that came with your equipment. Consult the materials that came with your device or the manufacturer’s website for instructions on how to change your username and password. If you’re worried you have been infected, a simple factory reset of your device will kill the worm.
