Chuck Norris Attacks Linux-Based Routers, Modems 193
angry tapir writes "Discovered by Czech researchers, the Chuck Norris botnet has been spreading by taking advantage of poorly configured routers and DSL modems. The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris,' which means 'in the name of Chuck Norris.' Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs. It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."
non Linux based routers (Score:4, Insightful)
Does this botnet attack also work on non Linux based routers and if so the what is the logic behind the subject line ?
Re:As far as misleading headlines go (Score:5, Insightful)
Yes, this is very misleading. I thought that maybe the Linux network stack was suddenly vulnerable or something, but you're just talking about it taking advantage of default passwords, which is pretty old if you ask me.
This doesn't necessarily mean that say a Linux router that was installed on PC class hardware and has been kept up to date and properly secured is vulnerable to this botnet.
Re:non Linux based routers (Score:2, Insightful)
non Linux based routers
Quick! This man is talking but something is not right. The words are real, but they don't make sense in this sequence. Chuck Norris must have given him a roundhouse kick to the head.
These days, "non Linux based router" is like saying "non carbon based life" (assuming we're talking about home networks.
Re:As far as misleading headlines go (Score:5, Insightful)
Amazing how posts get modded insightful even though they take no time to explain their possition.
The mod system shares the same flaw as democracy: Morons also have a vote.
Re:Try lack of jurisdiction (Score:3, Insightful)
Moreso if anyone ever is able to detain the author and the deployer of the software and the operator of the botnet, then the nicknaming of it will be the least of their problems.
Re:Try lack of jurisdiction (Score:3, Insightful)
His name is only written in the source code, which I doubt anyone cares about. The issue is the researchers who decided to call it "The Chuck Norris Botnet" and then publish papers about it, using that name.
Re:As far as misleading headlines go (Score:3, Insightful)
I will take a shot at this, although I am not the OP. The botnet has little to do with Chuck Norris OR Linux in particular, only that these names come up when investigating it. It is a run of the mill botnet, it takes advantage of default/weak passwords.
Re:As far as misleading headlines go (Score:2, Insightful)
Re:Is anything (Score:3, Insightful)
Imagine a Beowulf cluster of time traveling Chuck Norrises fighting each other.
Please sell the movie rights to your idea. I. Want. To. See. That.
Re:Try lack of jurisdiction (Score:4, Insightful)
Despite *our* ability to easily determine that the name has little to actually do with Chuck Norris, a less informed individual wouldn't be able to.
And that is exactly the problem with the legal system.
Since when is it my responsibility to make sure you're educated in all the correct fields so that you don't get offended, or misinterpret something I say?
The fact that someone who's not informed could misunderstand me should not be able to present me with any legal problems at all.
Unfortunately, it does, because the system sucks.
So, and I'm guessing here... (Score:2, Insightful)
---
Note to Consumers:
I'm just guessing that the user name is "admin", "Admin", "root", or "user" and the password is either "password", "admin", or "actiontec"...
I've setup some of those modems/routers, mainly for people who went to Best Buy (EEK!) and thought "Hey! That's exactly what I'm looking for! That will work great for my Verizon DSL connection! Hey, it's got the Verizon logo right there!"...
FAIL!
!!!!!!!!!!!
Beware anything branded by an ISP, to begin with... And most devices created for a not-so-security-savvy consumer... If all else fails, have a pro come in and set it up for you...
They will be able to have you reset the password and setup some sort of encryption/authentication for your wireless network...
!!!!!!!!!!!
The problem here is that the default username & password for almost every new (Home-based) router or modem is going to be "admin" & "admin" or "admin" & "password"...
What really needs to be done here is that, by default, the device should not be able to connect to the Interwebz with the default settings. If nothing else, have the external web/console interface blocked... "Security through obscurity", including an odd http/https port is only so effective... And most of the time, in my little bit of experience, it is not that obscure... Once the device is out there, its configuration will be scrutinized and, in most cases, prodded by hackers & crackers alike, for "security" concerns.
And don't give me the "Oh, it's Linux. Secure by default!" bit. Any operating system is only as secure as the person controlling it. If you were to have no clue as to how an internal combustion engine works, would you take on the task of rebuilding your (gas-guzzling) car's engine? Most likely not... Why would you think that you could secure your Internet connection if you have no knowledge of how the Internet and, even more than that, people work?
Just another bad thought...
Cheers!
--Stak
The manliest movie ever? (Score:3, Insightful)
Please sell the movie rights to your idea.
Now you've got me thinking... There needs to be a movie, starring Chuck Norris, of course, and a whole slew of people who'll get paid tons of cash due to their notoriety but be left out of the opening credits, where Chuck goes on a non-stop beyond-godlike multinational testosterone-fueled spree of death and pillage, without care for his own safety, in a man-with-nothing-to-lose odyssey to obtain some personally invaluable McGuffin, with obvious spots of intrigue and investigation, HUGE explosions that he just walks out of, and small tactical nukes that he disarms using nothing but his beard, all while his hands are tied behind his back (for the challenge, not because he couldn't break or slip the bonds).
Something like a cross between Taken [imdb.com] and 300, [imdb.com] only so much manlier that he makes Leonidas look like a pussy.
The world needs more awesome, gripping, extremely manly films that have good plots, and I submit that a decent director and screenwriter need to put Chuck into this role. For all our sakes.
Re:As far as misleading headlines go (Score:3, Insightful)
Morons also have a vote
Bush/Cheney
Obama/Biden
I see your point. Thanks for depressing me further.
Re:the REAL Chuck Noris (Score:2, Insightful)