Self-replicating Worm Actively Attacking Linksys Routers
A self-replicating worm is actively attacking specific models of Linksys routers common to home and small business use.
February 14, 2014
UPDATE (February 15, 2014): Update on the Linksys Router Worm, a Fix, and Further Actions
According to a post on the Internet Storm Center, a self-replicating worm is actively attacking specific models of Linksys routers common to home and small business use. Depending on the firmware version installed, the following routers are vulnerable:
E4200
E3200
E3000
E2500
E2100L
E2000
E1550
E1500
E1200
E1000
E900
These are the currently known vulnerable router models, but the list may expand as more details are made available.
Dubbed "TheMoon" worm, it connects to port 8080 and then runs a CGI script running on the router. Once the exploit is able to connect successfully, it then downloads a 2MB file from the Internet that then executes and scans for other potential victims on which to install.
So far, the worm hasn't been identified to do anything else by just proliferate itself, but that could change depending on evidence of an additional payload.
More info when it's available.
About the Author
You May Also Like