Chuck Norris Attacks Linux-Based Routers, Modems
Posted by timothy from the witnesses-awarded-him-both-ears-and-the-tail dept.
angry tapir writes "Discovered by Czech researchers, the Chuck Norris botnet has been spreading by taking advantage of poorly configured routers and DSL modems. The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris,' which means 'in the name of Chuck Norris.' Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs. It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."
Re:non Linux based routers (Score:5, Informative)
"It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access." Does this botnet attack also work on non-Linux-based routers, and if so, what is the logic behind the subject line?
No, it requires the router to be running Linux on a MIPS system.
Re:non Linux based routers (Score:3, Informative)
It doesn't help that standard installs of Comcast- and Verizon FiOS-provided routers not only leave the default administrative usernames and passwords intact, but also enable only WEP security. I know people claim that they have to do this because of compatibility, but really, has anyone bought anything in the last five years that doesn't support WPA? I've seen techs enable WEP for a person with a single MacBook.
Granted, they don't enable remote access, but really, what is so hard about writing down passwords and taping them to the bottom of the router?
Re:non Linux based routers (Score:4, Informative)
Apparently the Nintendo DS, unless some sort of update has been released, only does WEP.
This is not a good thing.
Try lack of jurisdiction (Score:4, Informative)
What's to stop Chuck Norris from taking legal action against the researchers who coined the name?
International boundaries, for one. Likely the author of the software for the botnet does not reside in the US (if that person's location is even known). Chuck Norris can take all the legal action he wants within the US against the botnet author or botnet master; it generally won't mean squat if they are in a different country.
Re:non Linux based routers (Score:2, Informative)
but really, has anyone bought anything in the last five years that doesn't support WPA?
Yes. The Nintendo DS and DS Lite only support WEP. They launched in 2004 and 2006, respectively. Only the third iteration of the device (the DSi) has WPA support, but it's less than a year old, and the DS Lite seems to still be selling.
Re:non Linux based routers (Score:3, Informative)
Not so.
For example, some Linksys routers run Linux, but others run a proprietary VxWorks-based OS. They're all, to my knowledge, based on MIPS processors.
Re:As far as misleading headlines go (Score:4, Informative)
If you really screwed up moderating, just post a reply in the same thread, that will undo all your moderations.
It's easy to get rid of (Score:1, Informative)
"Because the Chuck Norris botnet lives in the router's RAM, it can be removed with a restart.
Users who don't want to be infected can mitigate the risk -- the simplest way of doing this is by using a strong password on the router or modem."
1 - disconnect from internet
2 - reset the router by removing the power for thirty seconds.
3 - change the router's password.
If you've never changed the router's settings:
You could rtfm (read the fine manual).
You can usually get to the router's settings from your browser. Try typing 192.168.1.1 into the browser's URL bar.
The browser will present you with a logon screen. The user name is often blank and the password is often 'admin'. That's the password you want to change. Don't change the password that logs you onto the internet. Stick a piece of tape onto the router and write on the new user name and password.
4 - ???
5 - profit!
(sorry, I got carried away)
Re:non Linux based routers (Score:3, Informative)
It's worse than that: on the DS, games drive the Wi-Fi hardware directly, so while the DSi does support WPA, you can only use it in games that specifically support it.
Re:As far as misleading headlines go (Score:3, Informative)
Re:Linux fanism (Score:2, Informative)
So if Conficker owns Windows boxen it's because Windows is awful and shoddy. But if CN owns Linux boxen it's because they are "misconfigured".
Given that Conficker exploited actual bugs in Windows which MS had to patch, and that 'Chuck Norris' is exploiting the fact that certain appliance suppliers deliberately 'configured' Linux with a fixed and known id and password, the statement above that you deride is *in this particular case* clearly accurate.
You do understand the difference between an actual bug causing a security problem and a deliberate choice to 'leave the front door open' don't you?
Re:Linux fanism (Score:3, Informative)
Conficker exploited Windows machines with an unpatched security hole. True, Microsoft had patched the hole but it shouldn't have been there in the first place.
Using a default password to gain what is technologically legitimate access to the operating system is not a vulnerability.
It's like phishing - the fact that someone is too stupid to use online banking safely doesn't imply that their computer was hacked.
Re:non Linux based routers (Score:3, Informative)
Currently the botnet is using the Linux routers, but it's not an overall stretch, if there's any firmware update ability, to imagine someone injecting a similar beastie into the VxWorks versions of the routers if the remote admin functionality is turned on. All that is needed then is configuring to reflash and then doing the same; then the router would be compromised.
Just because it's VxWorks, it doesn't make it magically safe from being added to the Botnet. It's just that it's not being done now.
Re:As far as misleading headlines go (Score:3, Informative)
If only we could do that with politicians....
Well apparently adding Sarah Palin to your ballot will undo most of your political votes, too.
Re:non Linux based routers (Score:3, Informative)
One solution is to set up two access points: one with WEP, which is locked down to only access the external network, and only for certain ports, and one with WPA2, which can also access the internal network. Some routers can host multiple virtual access points (multiple interfaces), so there's no need for extra hardware in that case.
This setup has worked well for me with my DS in the past, although I didn't limit the port range on the WEP access point.
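The two-SSID layout described in the comment above, written out as an added example in OpenWrt UCI syntax (this is not the commenter's configuration or anything from the botnet write-up). It also shows the point raised earlier in the thread about keeping the admin interface unreachable from the WAN side. Everything specific is assumed: the SSIDs, the passphrase and WEP key, the 192.168.10.0/24 range for the legacy network, and the list of allowed ports, which is a constructed placeholder to be replaced with whatever the legacy device actually needs.

```uci
# /etc/config/wireless -- two virtual APs on the same radio (assumed radio0)
config wifi-iface 'main'
    option device     'radio0'
    option mode       'ap'
    option ssid       'home-wpa2'              # assumed name
    option encryption 'psk2'                   # WPA2-PSK
    option key        'CHANGE-ME-long-random-passphrase'
    option network    'lan'                    # full access to the internal network

config wifi-iface 'legacy'
    option device     'radio0'
    option mode       'ap'
    option ssid       'legacy-wep'             # assumed name, for WEP-only devices
    option encryption 'wep-open'
    option key        '1'                      # which of key1..key4 is active
    option key1       's:abcde'                # placeholder 40-bit ASCII WEP key; replace it
    option isolate    '1'                      # clients on this SSID cannot talk to each other
    option network    'legacy'                 # separate interface, separate firewall zone

# /etc/config/network -- the legacy SSID gets its own subnet (assumed range)
config interface 'legacy'
    option type    'bridge'
    option proto   'static'
    option ipaddr  '192.168.10.1'
    option netmask '255.255.255.0'

# /etc/config/dhcp -- hand out leases on the legacy subnet
config dhcp 'legacy'
    option interface 'legacy'
    option start     '100'
    option limit     '50'
    option leasetime '12h'

# /etc/config/firewall
# The wan zone keeps input REJECT, so the web UI and SSH are not reachable
# from the internet; this is the "remote admin" the botnet relies on.
config zone
    option name    'wan'
    option network 'wan'
    option input   'REJECT'
    option output  'ACCEPT'
    option forward 'REJECT'
    option masq    '1'

# Legacy zone: no access to the router itself and no forwarding by default,
# so nothing on the WEP SSID can reach the lan zone.
config zone
    option name    'legacy'
    option network 'legacy'
    option input   'REJECT'
    option output  'ACCEPT'
    option forward 'REJECT'

# The only router services legacy clients may use: DHCP and DNS.
config rule
    option name      'legacy-dhcp-dns'
    option src       'legacy'
    option proto     'udp'
    option dest_port '53 67'
    option target    'ACCEPT'

# Forwarding to wan only, and only on an explicit port list (placeholder
# values; replace with the ports the device documentation calls for).
config rule
    option name      'legacy-to-wan-allowed'
    option src       'legacy'
    option dest      'wan'
    option proto     'tcp udp'
    option dest_port '53 80 443'
    option target    'ACCEPT'
```

Because the zone's forward policy is REJECT and there is no `config forwarding` stanza from legacy to lan, the rule with `dest 'wan'` is the only path out of the legacy network; removing the `dest_port` line from that rule reproduces the commenter's unrestricted variant. Reload with `/etc/init.d/network restart` and `/etc/init.d/firewall restart`, then confirm from a legacy client that the router's 192.168.10.1 admin page and any lan-side address are unreachable.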