Forgot your password?
typodupeerror
Botnet Security IT Linux

Chuck Norris Attacks Linux-Based Routers, Modems 193

Posted by timothy
from the witnesses-awarded-him-both-ears-and-the-tail dept.
angry tapir writes "Discovered by Czech researchers, the Chuck Norris botnet has been spreading by taking advantage of poorly configured routers and DSL modems. The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris,' which means 'in the name of Chuck Norris.' Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs. It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."
This discussion has been archived. No new comments can be posted.

Chuck Norris Attacks Linux-Based Routers, Modems

Comments Filter:
  • by DavidR1991 (1047748) on Monday February 22, 2010 @09:14AM (#31228368) Homepage

    this one really takes the cake!

    • by somersault (912633) on Monday February 22, 2010 @09:20AM (#31228420) Homepage Journal

      Actually, I think Chuck Norris would take the cake and use it to asphyxiate the headline, before drop-kicking said headline into the sun.

      • by spartacus_prime (861925) on Monday February 22, 2010 @09:53AM (#31228706) Homepage

        Actually, I think Chuck Norris would take the cake and use it to asphyxiate the headline, before roundhouse kicking said headline into the sun.

        Fixed that for you.

        • Hook, line and sinker ... I'm a sucker for CH jokes:

          1. Who's the only person who can slam a revolving door? A: Chuck Norris
          2. When an episode of Walker Texas Ranger was aired in France, the French surrendered to Chuck Norris just to be on the safe side.
          3. Superman can compress coal into diamonds. Pffft. Chuck Norris can stretch diamonds back out into coal.
          4. Chuck Norris maintains a concealed weapons license in all 50 states just to legally wear pants.
          etc

    • Re: (Score:2, Interesting)

      I've also got to question the sense of naming a botnet like this. Sure it's memorable, but what's to stop Chuck Norris from taking legal action against the researchers who coined the name? I certainly wouldn't want my name associated with a criminal enterprise.

      • by Anonymous Coward on Monday February 22, 2010 @09:45AM (#31228632)

        I've also got to question the sense of naming a botnet like this. Sure it's memorable, but what's to stop Chuck Norris from taking legal action against the researchers who coined the name? I certainly wouldn't want my name associated with a criminal enterprise.

        ...Chuck Norris is a fictional charactor...

        • by ooshna (1654125) on Monday February 22, 2010 @10:40AM (#31229090)

          ...Chuck Norris is a fictional charactor...

          Thats what they said about the fist in his beard

        • by daem0n1x (748565)
          Ah, so much energy and money spent in lawsuits. Please leave the researchers alone. There are so many important things in life.
        • Re: (Score:2, Funny)

          by AttilaSz (707951)

          Yes, he is played by Bruce Schneier.

        • Re: (Score:3, Informative)

          by Ltap (1572175)
          Actually, he's Carlos Ray Norris and was born in 1940. The actor has the same name as most of his characters. Chuck Norris plays, well, Chuck Norris. Therefore they could even get the double whammy (or roundhouse kick?) of an infringement AND a libel lawsuit.
          • by paiute (550198)

            Actually, he's Carlos Ray Norris

            I may not be a martial artist, but at least I have a real American name.

            Plus I can act.

            And my face assumes different configurations based on the emotion I am feeling at the time.

            • by TheCarp (96830)

              Of course, what configuration will your face assume when Chuck Norris round house kicks your face into the sun?

              I am pretty sure that the end result of that match is Acting: 0 Roundhouse: 1

        • by geekmux (1040042)

          I've also got to question the sense of naming a botnet like this. Sure it's memorable, but what's to stop Chuck Norris from taking legal action against the researchers who coined the name? I certainly wouldn't want my name associated with a criminal enterprise.

          ...Chuck Norris is a fictional charactor...

          Wow. Haven't seen anyone say something like that to get their ass kicked on purpose since watching Jackass reruns.

          Trust me, he's a real person, and his primary skill isn't acting. Careful.

      • by damn_registrars (1103043) <damn.registrars@gmail.com> on Monday February 22, 2010 @09:52AM (#31228692) Homepage Journal

        what's to stop Chuck Norris from taking legal action against the researchers who coined the name?

        International boundaries, for one. Likely the author of the software for the botnet does not reside in the US (if that person's location is even known). Chuck Norris can take all the legal action he wants within the US against the botnet author or botnet master, it generally won't mean squat if they are in a different country.

        • Re: (Score:3, Insightful)

          by Sique (173459)

          Moreso if anyone ever is able to detain the author and the deployer of the software and the operator of the botnet, then the nicknaming of it will be the least of their problems.

        • Re: (Score:3, Insightful)

          His name is only written in the source code, which I doubt anyone cares about. The issue is the researchers who decided to call it "The Chuck Norris Botnet" and then publish papers about it, using that name.

        • by jeffmeden (135043)

          The question was actually about the researcher; surely the author is already taking action to avoid the recourse of getting caught distributing/running a malicious botnet. However, the researcher (in this case Czech, could have easily been from the US) was the one that coined the name based on the code found. Would someone doing that be subject to legal action as a result? It's a gray area, but it wouldn't be hard to argue defamation if the researcher titled all his papers "Malicious Activity by Chuck No

          • by cbiltcliffe (186293) on Monday February 22, 2010 @10:38AM (#31229070) Homepage Journal

            Despite *our* ability to easily determine that the name has little to actually do with Chuck Norris, a less informed individual wouldn't be able to.

            And that is exactly the problem with the legal system.

            Since when is it my responsibility to make sure you're educated in all the correct fields so that you don't get offended, or misinterpret something I say?

            The fact that someone who's not informed could misunderstand me should not be able to present me with any legal problems at all.

            Unfortunately, it does, because the system sucks.

        • by Neoprofin (871029)
          Or, and hear me out on this, he could take legal action, if there is any to be taken, in the applicable country. It seems to be a much disregarded fact on Slashdot that you don't need to be the citizen of, resident of, or even present in, a country to hire a lawyer there to file whatever papers you choose.
          • As best I know, you are absolutely right on that. However that still leaves the problem of figuring out where the botnet originated, and more likely more importantly where the author of the important code lives. I doubt that search would be worth the time it would take to do it; and considering the second and third-world countries where these botnets usually get their starts, it might not be a worthwhile pursuit anyways.

            In short I think Chuck Norris likely has better things to do with his time and money
        • by NevarMore (248971)

          Wouldn't that be like Al Capone being busted on tax evasion? Oh, better yet, OJ getting acquitted in criminal court to be successfully sued in civil court.

          So Chuck sends his lawyers after the author. But only because lawyers are a "nice" first option, better than being roundhouse kicked off of the moon, through a plate glass window, and into the sun. Those lawyers track down and sue the bloke who wrote the botnet and win, but the FBI/CIA/Interpol/Vatican can't actually convict him of computer crimes.

      • I'd be more concerned with having my name associated with a very unamusing and old Internet meme...
    • by suso (153703) * on Monday February 22, 2010 @09:36AM (#31228564) Homepage Journal

      Yes, this is very misleading. I thought that maybe the Linux network stack was suddenly vulnerable or something, but you're just talking about it taking advantage of default passwords, which is pretty old if you ask me.

      This doesn't necessarily mean that say a Linux router that was installed on PC class hardware and has been kept up to date and properly secured is vulnerable to this botnet.

      • by Creepy (93888)

        yes, its taking advantage of a number of router issues that date back to the stone ages of computing

        1) the default username is admin. In many cases you either can't change the username or changes in username are ignored. In fact, the only time I've been able to both change the username and had it not be ignored was with a custom linux reconfig on the Linksys WRT54G.

        2) while not as common these days, enabling remote admin was common on older routers. I actually haven't seen this configured as enabled on a

    • Chuck Norris doesn't attack. He destroys.
    • by flyneye (84093)

      Had I gotten first post, I surely would've M.C.ed " Let the Chuck Norris Jokes Begin", but as usual I am hours late and $5 short of the admittance fee.
      My contribution makes reference to the Cinematic battle featuring Bruce Lee, who actually flayed Chucks ass in that scene because of his egotistical attitude and the necessity for someone to write a Bruce Lee worm to rid us of the threat at hand.

  • Is anything (Score:3, Funny)

    by AllyGreen (1727388) on Monday February 22, 2010 @09:21AM (#31228430)
    safe from Chuck Norris??
    • Not even Chuck Norris is safe from Chuck Norris, so this botnet's days are numbered.

  • by bsDaemon (87307) on Monday February 22, 2010 @09:22AM (#31228436)
    The REAL Chuck Noris wouldn't have to guess the default password, he'd just round-house kick the modem until it let him in without it.
  • by selven (1556643) on Monday February 22, 2010 @09:25AM (#31228466)

    Not even Bruce Schneier [schneierfacts.com] can protect your router from Chuck.

  • by viralMeme (1461143) on Monday February 22, 2010 @09:26AM (#31228488)
    'It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."'

    Does this botnet attack also work on non Linux based routers and if so the what is the logic behind the subject line ?
    • by Flibberdy (780254) on Monday February 22, 2010 @09:35AM (#31228554)

      'It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."' Does this botnet attack also work on non Linux based routers and if so the what is the logic behind the subject line ?

      No, It requires the router to be running Linux on a MIPS system.

    • Re: (Score:3, Informative)

      by langelgjm (860756)

      It doesn't help that standard installs of Comcast and Verizon FiOS provided routers not only leave the default administrative usernames and passwords intact, but also enable only WEP security. I know people claim that they have to do this because of compatibility, but really, has anyone bought anything in the last five years that doesn't support WPA? I've seen techs enable WEP for a person with a single Macbook.

      Granted, they don't enable remote access, but really, what is so hard about writing down password

      • by Nursie (632944) on Monday February 22, 2010 @09:48AM (#31228654)

        Apparently the nintendo DS, unless some sort of update has been released, only does WEP.

        This is not a good thing.

        • Re: (Score:2, Interesting)

          by Anderu67 (1179779)
          There's no way to update the DS, as the wi-fi stack is built into each game cartridge. Chances are you wouldn't be using a DS online enough to want to lower your security though...
          • Re: (Score:3, Informative)

            by Bootarn (970788)

            One solution is to set up two access points: one with WEP, which is locked down to only access the external network, and only for certain ports, and one with WPA2, which can also access the internal network. Some routers can host multiple virtual access points (multiple interfaces), so there's no need for extra hardware in that case.

            This setup has worked well for me with my DS in the past, although I didn't limit the port range on the WEP access point.

            • by Ihmhi (1206036)

              I have had computer repair customers come over to my home/workshop and connect to my wireless, but they'll have ancient laptops that can only use WPA or WEP. I'm very interested in hearing about how you could set this up with a network. Got any links?

      • Re: (Score:2, Informative)

        by Anonymous Coward

        but really, has anyone bought anything in the last five years that doesn't support WPA?

        Yes. The Nintendo DS and DS Lite only support WEP. They launched in 2004 and 2006, respectively. Only the third iteration of the device (the DSi) has WPA support, but it's less than a year old, and the DS Lite seems to still be selling.

        • Re: (Score:3, Informative)

          by petermgreen (876956)

          It's worse than that, on the DS games drive the wifi hardware directly so while the DSi does support WPA you can only use it in games that specifically support it.

      • by lyinhart (1352173)
        The Actiontec Mi424-WR Verizon provides for FiOS supports WPA and WPA2, at least from Revision D on. But by default, it uses WEP (the web admin console actually recommends WEP). One of the Westell routers I've seen for a Verizon Business DSL installation a few years back only supports WEP. So I just disabled wireless outright for that installation.
        • by Rich0 (548339)

          I just got a FIOS wireless router a few months ago, and I only see WEP in the configuration settings. I disabled it entirely and am using a separate access point running DD-WRT.

          I'm just utterly amazed that in 2010 that EVERYTHING doesn't support WPA2.

          Also - it is very annoying that there is no standard for providing secure WiFi connections that doesn't involve a shared secret. It is like http all over again (also no standard for secure connections that doesn't involve a trusted certificate). Even if you

          • by Svartalf (2997)

            There's no good secure way to do what you're commenting on. How could you know what is properly authenticated or not to initiate the secure session? You can't without some sort of certificate or pre-shared key info. Even public key cryptography needs some semblance of an initial pre-shared tidbit- and PKI's are vastly less secure than most people think they are even when there's no compromises within the certificate chain directly.

            As an exercise, I suggest you read up on some of the recent TLS exploits (

            • by Rich0 (548339)

              I see it this way. I have two choices with regard to http or WiFi encryption:

              1. No encryption at all, which is vulnerable to passive and active attacks.
              2. Fully authenticated encryption, which is not vulnerable to passive and active attacks.

              I propose we should have a third choice:

              3. Unauthenticated encryption, which is vulnerable to active attacks (MITM) but not passive attacks.

              I just don't get arguments that call this "insecure" - sure it is less secure than #2, but it is more secure than #1 which is t

      • Granted, they don't enable remote access, but really, what is so hard about writing down passwords and taping them to the bottom of the router?

        The Chuck Norris botnet can read the password taped to the bottom of your router.

    • by AHuxley (892839)
      "guessing default administrative" could be looked up and listed in their code via sites like
      http://www.portforward.com/ [portforward.com]
      Then just hope like a UFO hunter on a US mil network, its a default hunt.
    • Re: (Score:2, Insightful)

      by Culture20 (968837)

      non Linux based routers

      Quick! This man is talking but something is not right. The words are real, but they don't make sense in this sequence. Chuck Norris must have given him a roundhouse kick to the head.
      These days, "non Linux based router" is like saying "non carbon based life" (assuming we're talking about home networks.

      • Re: (Score:3, Informative)

        Not so.

        For example, some Linksys routers run Linux, but others run a proprietary VxWorks-based OS. They're all, to my knowledge, based on MIPS processors.

        • Re: (Score:3, Informative)

          by Svartalf (2997)

          Currently the Botnet is using the Linux routers- but it's not an overall stretch, if there's any firmware update ability, to imagine someone injecting a similar beastie into the VxWorks versions of the routers if the remote admin functionality is turned on. All that is needed then is configuring to reflash and then doing the same- then the router would be compromised.

          Just because it's VxWorks, it doesn't make it magically safe from being added to the Botnet. It's just that it's not being done now.

      • by phrostie (121428)

        I have to agree with the lighten up part.
        if this is the best they can do, then bring it on.

        besides, i'm more of a Jackie Chan fan myself

    • by Nutria (679911)

      Well, it's Monday morning (where I am, in America, which is all that counts!), so a serious case of lack-of-humor is to be expected on the part of some commenters.

      Thus: lighten up people.

  • Am I the only one who was entirely terrified by this headline?

    • by AP31R0N (723649)

      Chuck Norris isn't a BotNet, it's just that he's so deadly that his AIM status message leaves devastation in its wake.

  • by L4t3r4lu5 (1216702) on Monday February 22, 2010 @10:24AM (#31228980)
    Is Chuck Norris really defeated by changing the admin password on your home router?!

    That would have made Bruce Lee's job a lot easier.
  • "The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris'"

    Source code? How did they get the source code? Wouldn't a virus in the wild be compiled? Is this some strange virus that carries around its source code and compiles itself for every new host it infects?

    If so, I believe a Gentoo programmer is behind this virus outbreak.

    • Maybe they decompiled/de-assembled it?
    • by BlindSpot (512363)

      Hey, maybe it means malware developers are finally embracing Open Source!

      • by cpghost (719344)
        But if a virus is GPLed, shouldn't it install its source code on the target machines too (as the author doesn't provide alternative ways to download the source)?
    • by omnichad (1198475)

      It's not uncommon for virus programmers to put text data in the binary somewhere. I agree, though, calling machine language "source code" is a bit of a stretch.

  • ---
    Note to Consumers:

    I'm just guessing that the user name is "admin", "Admin", "root", or "user" and the password is either "password", "admin", or "actiontec"...

    I've setup some of those modems/routers, mainly for people who went to Best Buy (EEK!) and thought "Hey! That's exactly what I'm looking for! That will work great for my Verizon DSL connection! Hey, it's got the Verizon logo right there!"...

    FAIL!

    !!!!!!!!!!!
    Beware anything branded by an ISP, to begin with... And most devices created for a not-so-sec

  • by DarthVain (724186) on Monday February 22, 2010 @10:52AM (#31229242)

    doesn't need computers in his Botnet, he just ...er infects routers and modems...

    and my all time favorite:

    Chuck Norris doesn't do push ups. He pushes the planet down.

  • The Leonidas botnet and the Techno Viking botnet team up to fight the Vin Diesel botnet and the Mr T botnet.
    The winner gets to rip Chuck Norris apart.

  • by saboola (655522) on Monday February 22, 2010 @11:56AM (#31229926)
    ..I can not merely see him suffering Silent Rage (1982) over having a botnet named after him. He will attempt to get the researcher in a legal Code of Silence (1985) using A Force of One (1979) lawyer who will no doubt be Top Dog (1995) in his field.
  • by dlgeek (1065796) on Monday February 22, 2010 @12:44PM (#31230538)
    There are a lot of comments here laying the blame on dumb users, and I agree that they're often at fault, but sometimes the ISPs are to blame. I once had a cable provider (Brightstar, in Seattle) that gave me a combination modem/router that only had an extremely basic admin interface available - the only thing I could change was the WPA password. However, if you SSH'd in to the router from the outside (and only from the outside), you could log in with the default administrator username and password (found through google) and reconfigure almost everything through a horribly undocumented text interface. There's almost no way for a normal user to figure this out or change it, and if they did change the password, the ISP (who almost certainly is using this interface for mass-management) would probably be pretty upset.
  • Jack Bauer (Score:3, Funny)

    by antdude (79039) on Monday February 22, 2010 @12:57PM (#31230788) Homepage Journal

    Jack Bauer could do better than Chuck Norris. :-P

  • I have yet to see a router or dsl modem distributed by an ISP in the US that DIDN'T use the default user/password. First thing I did when I got mine was find the (undocumented) way to change the password.

    So pretty much the entire US is vulnerable to this...

  • First the universe comes into being once again when Chuck wakes up. He processes to scare the time-space fabric out of his way until he reaches the kitchen where he stares down the coffee pot till it spontaniously brews coffee. Grabbing a chicken from his hen house out back he round house kicks it catching the subsequently, and prefectly made sunny side up eggs in his mouth after they have flown around the world in 14 seconds. He boldly enters his home through a revolving door which his slams upon glancing

It's time to boot, do your boot ROMs know where your disk controllers are?

Working...