Psyb0t

Psyb0t or Network Bluepill is a computer worm discovered in January 2009. It is thought to be unique in that it can infect routers and high-speed modems.[1]

Progress

Psyb0t was first detected in January 2009 by Australian security researcher Terry Baume in a Netcomm NB5 ADSL router/modem. In early March, it carried out a DDoS attack against DroneBL (an IP blacklisting service). From this attack, DroneBL estimated that the worm had infected about 100,000 devices. The attack drew public attention to the worm in late March, which probably caused its operator to shut it down. DroneBL also succeeded in bringing down its command-and-control and DNS servers.

Description

Psyb0t targets modems and routers with a little-endian MIPS processor running Mipsel Linux firmware. It is part of a botnet operated through IRC command-and-control servers. After infecting a device, psyb0t blocks access to the router's TCP ports 22, 23 and 80.

Psyb0t contains many attack tools. It is known to be able to scan networks for vulnerable routers and modems, check for MySQL and phpMyAdmin vulnerabilities, and perform DoS attacks against websites.

Two versions are known. The first, version 2.5L, affected the Netcomm NB5 ADSL router/modem. The newer version 2.9L affects over 50 models by Linksys, Netgear and other vendors, including those running DD-WRT or OpenWrt firmware.[2]

Attack vectors and countermeasures

The primary attack vector is SSH or telnet access. The worm tries to gain access by brute force, using over 6000 usernames and 13000 passwords. However, 90%[2] of infections are caused by insecure configuration, mostly no or default administration password and allowed remote administration. Recommended countermeasures are to change the default access credentials to more secure ones and to update the router/modem firmware. If infection is suspected, it is advised to perform a hard reset of the router and not to restore the router configuration from a backup.
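The lockout symptom from the Description section (TCP ports 22, 23 and 80 becoming unreachable) and the remote-administration exposure named above can both be checked from observations of a router's management ports. The following is an added example, not part of the original article; the function names, the device names and the use of a known-good baseline are assumptions made for illustration, and the sample observations are constructed.

```python
import socket

MGMT_PORTS = (22, 23, 80)  # ports the article says psyb0t blocks after infection

def probe(host, ports=MGMT_PORTS, timeout=2.0):
    """Return the set of ports on your own router that accept a TCP connection."""
    open_ports = set()
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.add(port)
        except OSError:
            pass  # closed, filtered or unreachable
    return open_ports

def assess(baseline_lan, current_lan, current_wan):
    """Classify one router from three sets of open management ports.

    baseline_lan: ports open from the LAN when the device was known good
    current_lan:  ports open from the LAN now
    current_wan:  ports open from an outside vantage point now
    """
    findings = []
    was_managed = baseline_lan & set(MGMT_PORTS)
    # Symptom from the article: management access on 22/23/80 disappears.
    if was_managed and not (current_lan & set(MGMT_PORTS)):
        findings.append("lockout: management ports closed since baseline; "
                        "hard reset, do not restore config backup")
    # Exposure from the article: remote administration over SSH/telnet.
    exposed = current_wan & {22, 23}
    if exposed:
        findings.append("exposed: remote administration reachable on "
                        + ",".join(str(p) for p in sorted(exposed)))
    return findings

# Constructed sample observations (hypothetical devices, not real data).
SAMPLES = {
    "router-a": ({23, 80}, set(), set()),    # lost all management access
    "router-b": ({22, 80}, {22, 80}, {22}),  # healthy, but SSH open to the WAN
    "router-c": ({80}, {80}, set()),         # nothing to report
}

def audit(samples=SAMPLES):
    """Map each device name to its list of findings (empty list means none)."""
    return {name: assess(*obs) for name, obs in samples.items()}

if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, findings or ["ok"])
```

A lockout finding is grounds for suspicion rather than proof, since a firmware change or a new firewall rule produces the same pattern.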

References

  1. Paul, Ian (25 March 2009). "Nasty New Worm Targets Home Routers, Cable Modems". PC World. Retrieved 2009-03-26.
  2. Kristin Shoemaker (25 March 2009). "Psyb0t Evolves, Targets Unprotected Linux Mipsel Routers". OStatic. Retrieved 2009-04-05.

External links

  • Psyb0t description
  • DroneBL blog about Psyb0t
  • New worm can infect home modem/routers
