Worm targets routers, skips HD

Just read about the Psyb0t worm that skips everything but targets the router. Currently it only has 55 different routers.

The simple fix is to reset the router to factory defaults.

The problem is that most current anti-malware scanning methods do not scan the router.
Most anti-malware programs look for activity in memory or on the HD. Since the router is skipped, you do not know if you are part of a botnet until something major occurs.

Is there a program that includes routers in its scanning?

UncleDoug

Hi Uncle Doug.

For the PsyBot worm to target the router it has to make an outbound connection to that router. This is where your firewall comes into play. In particular Comodo’s outbound protection built into CIS/CPF. The Firewall monitors all ingoing and outgoing connections and D+ in CIS protects your system from changes to critical system files.

You’re essentially protected if you use CIS as any new files are “untrusted”.

Eric

Here’s a link on it:
http://blogs.zdnet.com/BTL/?p=15197

Luckily I don’t have Linksys or Netgear. :stuck_out_tongue:

Are you sure the worm has to be in your PC first? I can’t find anything about that in the article.

I was just checking that. Many links to different online articles, but each says the exact same thing (copy and paste, anyone?).
None state what routers are currently targeted.

Yea, just this:

However, the most recently discovered generation (dubbed ‘version 18’ in the code) targets a wide range of devices, and contains the shellcode for over 30 different Linksys models, 10 Netgear models, and 15 other models of cable and DSL modems, APC reports. It did not specify which models.

Um…I think I have a Linksys. >:(

And now I forgot the admin pass. >:( >:(

That means I have to install a trial of Roboform to get my old passes. >:( >:( >:(

:frowning: >:( >:( >:( >:( >:( >:( >:( >:( >:( >:(

I’m grumpy.

You can simply reset your router to the factory defaults. I had a Linksys WAG354G which I no longer use. There’s a button inside the hole next to where the power is plugged in. You need a pin or toothpick. Press in and hold for about 10 seconds and then release. That will reset your router to the defaults. I think the default login and password is: admin & admin.

Eric

Yeah, but I had “customized” my router so I was reluctant to reset. Plus, I needed to get those passes out anyway. Some of them were “important”…(not going into details :P)…