Chuck Norris Attacks Linux-Based Routers, Modems
angry tapir writes "Discovered by Czech researchers, the Chuck Norris botnet has been spreading by taking advantage of poorly configured routers and DSL modems. The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris,' which means 'in the name of Chuck Norris.' Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs. It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access."
As far as misleading headlines go (Score:5, Funny)
this one really takes the cake!
Re:As far as misleading headlines go (Score:5, Funny)
Actually, I think Chuck Norris would take the cake and use it to asphyxiate the headline, before drop-kicking said headline into the sun.
Re:As far as misleading headlines go (Score:5, Funny)
Actually, I think Chuck Norris would take the cake and use it to asphyxiate the headline, before roundhouse kicking said headline into the sun.
Fixed that for you.
There goes my karma (Score:2, Funny)
Hook, line and sinker ... I'm a sucker for CH jokes:
1. Who's the only person who can slam a revolving door? A: Chuck Norris
2. When an episode of Walker Texas Ranger was aired in France, the French surrendered to Chuck Norris just to be on the safe side.
3. Superman can compress coal into diamonds. Pffft. Chuck Norris can stretch diamonds back out into coal.
4. Chuck Norris maintains a concealed weapons license in all 50 states just to legally wear pants.
etc
Re: (Score:2, Interesting)
I've also got to question the sense of naming a botnet like this. Sure it's memorable, but what's to stop Chuck Norris from taking legal action against the researchers who coined the name? I certainly wouldn't want my name associated with a criminal enterprise.
Re:As far as misleading headlines go (Score:5, Funny)
I've also got to question the sense of naming a botnet like this. Sure it's memorable, but what's to stop Chuck Norris from taking legal action against the researchers who coined the name? I certainly wouldn't want my name associated with a criminal enterprise.
...Chuck Norris is a fictional character...
Re:As far as misleading headlines go (Score:5, Funny)
...Chuck Norris is a fictional character...
That's what they said about the fist in his beard
Re: (Score:2, Funny)
Yes, he is played by Bruce Schneier.
Re: (Score:2)
Actually, he's Carlos Ray Norris
I may not be a martial artist, but at least I have a real American name.
Plus I can act.
And my face assumes different configurations based on the emotion I am feeling at the time.
Re: (Score:2)
Of course, what configuration will your face assume when Chuck Norris round house kicks your face into the sun?
I am pretty sure that the end result of that match is Acting: 0 Roundhouse: 1
Re: (Score:2)
I've also got to question the sense of naming a botnet like this. Sure it's memorable, but what's to stop Chuck Norris from taking legal action against the researchers who coined the name? I certainly wouldn't want my name associated with a criminal enterprise.
...Chuck Norris is a fictional character...
Wow. Haven't seen anyone say something like that to get their ass kicked on purpose since watching Jackass reruns.
Trust me, he's a real person, and his primary skill isn't acting. Careful.
Re: (Score:2)
woooosh
Try lack of jurisdiction (Score:4, Informative)
what's to stop Chuck Norris from taking legal action against the researchers who coined the name?
International boundaries, for one. Likely the author of the software for the botnet does not reside in the US (if that person's location is even known). Chuck Norris can take all the legal action he wants within the US against the botnet author or botnet master, it generally won't mean squat if they are in a different country.
Re: (Score:3, Insightful)
Moreso if anyone ever is able to detain the author and the deployer of the software and the operator of the botnet, then the nicknaming of it will be the least of their problems.
Re: (Score:3, Insightful)
His name is only written in the source code, which I doubt anyone cares about. The issue is the researchers who decided to call it "The Chuck Norris Botnet" and then publish papers about it, using that name.
Re: (Score:2)
The question was actually about the researcher; surely the author is already taking action to avoid the recourse of getting caught distributing/running a malicious botnet. However, the researcher (in this case Czech, could have easily been from the US) was the one that coined the name based on the code found. Would someone doing that be subject to legal action as a result? It's a gray area, but it wouldn't be hard to argue defamation if the researcher titled all his papers "Malicious Activity by Chuck No
Re:Try lack of jurisdiction (Score:4, Insightful)
Despite *our* ability to easily determine that the name has little to actually do with Chuck Norris, a less informed individual wouldn't be able to.
And that is exactly the problem with the legal system.
Since when is it my responsibility to make sure you're educated in all the correct fields so that you don't get offended, or misinterpret something I say?
The fact that someone who's not informed could misunderstand me should not be able to present me with any legal problems at all.
Unfortunately, it does, because the system sucks.
Re: (Score:2)
In short I think Chuck Norris likely has better things to do with his time and money
Re: (Score:2)
Wouldn't that be like Al Capone being busted on tax evasion? Oh, better yet, OJ getting acquitted in criminal court to be successfully sued in civil court.
So Chuck sends his lawyers after the author. But only because lawyers are a "nice" first option, better than being roundhouse kicked off of the moon, through a plate glass window, and into the sun. Those lawyers track down and sue the bloke who wrote the botnet and win, but the FBI/CIA/Interpol/Vatican can't actually convict him of computer crimes.
Re:As far as misleading headlines go (Score:5, Insightful)
Yes, this is very misleading. I thought that maybe the Linux network stack was suddenly vulnerable or something, but you're just talking about it taking advantage of default passwords, which is pretty old if you ask me.
This doesn't necessarily mean that say a Linux router that was installed on PC class hardware and has been kept up to date and properly secured is vulnerable to this botnet.
Re: (Score:2)
yes, it's taking advantage of a number of router issues that date back to the stone ages of computing
1) the default username is admin. In many cases you either can't change the username or changes in username are ignored. In fact, the only time I've been able to both change the username and had it not be ignored was with a custom linux reconfig on the Linksys WRT54G.
2) while not as common these days, enabling remote admin was common on older routers. I actually haven't seen this configured as enabled on a
Re: (Score:2)
Had I gotten first post, I surely would've M.C.ed "Let the Chuck Norris Jokes Begin", but as usual I am hours late and $5 short of the admittance fee.
My contribution makes reference to the Cinematic battle featuring Bruce Lee, who actually flayed Chuck's ass in that scene because of his egotistical attitude and the necessity for someone to write a Bruce Lee worm to rid us of the threat at hand.
Re:As far as misleading headlines go (Score:5, Insightful)
Amazing how posts get modded insightful even though they take no time to explain their position.
The mod system shares the same flaw as democracy: Morons also have a vote.
Re: (Score:2, Funny)
Bigger problem is the inability to change your vote, and locating positive and negative mods in close proximity to each other so it's easy to accidentally mod someone up/down with no recourse.
Re:As far as misleading headlines go (Score:4, Informative)
If you really screwed up moderating, just post a reply in the same thread, that will undo all your moderations.
Re: (Score:3, Informative)
If only we could do that with politicians....
Well apparently adding Sarah Palin to your ballot will undo most of your political votes, too.
Re: (Score:2)
Not only morons, but non-morons with axes to grind whose response to those with a contrary view is to try to shut them up rather than debate them. That comes up rather quickly as a factor in any discussion involving politics, religion, or global warming. Again, just like democracy.
Re: (Score:3, Insightful)
Morons also have a vote
Bush/Cheney
Obama/Biden
I see your point. Thanks for depressing me further.
Re: (Score:3, Insightful)
I will take a shot at this, although I am not the OP. The botnet has little to do with Chuck Norris OR Linux in particular, only that these names come up when investigating it. It is a run of the mill botnet, it takes advantage of default/weak passwords.
Is anything (Score:3, Funny)
Re: (Score:2)
Not even Chuck Norris is safe from Chuck Norris, so this botnet's days are numbered.
Re: (Score:2)
Only Chuck Norris is safe from Chuck Norris.
Are you implying that Chuck Norris could beat up Chuck Norris?
Re: (Score:2)
Imagine a Beowulf cluster of time traveling Chuck Norrises fighting each other.
Re: (Score:3, Insightful)
Imagine a Beowulf cluster of time traveling Chuck Norrises fighting each other.
Please sell the movie rights to your idea. I. Want. To. See. That.
The manliest movie ever? (Score:3, Insightful)
Please sell the movie rights to your idea.
Now you've got me thinking... There needs to be a movie, starring Chuck Norris, of course, and a whole slew of people who'll get paid tons of cash due to their notoriety but be left out of the opening credits, where Chuck goes on a non-stop beyond-godlike multinational testosterone-fueled spree of death and pillage, without care for his own safety, in a man-with-nothing-to-lose odyssey to obtain some personally invaluable McGuffin, with obvious spots of intrigue and investigation, HUGE explosions that he ju
Re: (Score:2)
The universe finds this so abhorrent that it would never be allowed to happen.
Re: (Score:2)
Only Chuck Norris is safe from Chuck Norris.
Are you implying that Chuck Norris could beat up Chuck Norris?
If you ponder it for too long, the world will end. So please, for the sake of all of us -- don't.
the REAL Chuck Norris (Score:5, Funny)
Re:the REAL Chuck Norris (Score:5, Funny)
There is no password behind Chuck Norris' router, there is only another fist.
Re:the REAL Chuck Norris (Score:5, Funny)
His last hub was only rebooted once. Rebooted into the sun.
Stupid jokes incoming in 3...2...1... (Score:3, Funny)
Not even Bruce Schneier [schneierfacts.com] can protect your router from Chuck.
Re:Stupid jokes incoming in 3...2...1... (Score:5, Funny)
In other news, an Italian programmer was found dead after taking Chuck Norris's name in vain.
Re:Stupid jokes incoming in 3...2...1... (Score:5, Funny)
...with the impression of a foot in the side of his head
Re: (Score:2)
But the Techno Viking can!
http://comixed.com/2010/02/13/comics-comic-strip-yonkoma-clash-of-the-titans/ [comixed.com]
non Linux based routers (Score:4, Insightful)
Does this botnet attack also work on non Linux based routers and if so, then what is the logic behind the subject line?
Re:non Linux based routers (Score:5, Informative)
"It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access." Does this botnet attack also work on non Linux based routers and if so, then what is the logic behind the subject line?
No, it requires the router to be running Linux on a MIPS system.
Re: (Score:3, Informative)
It doesn't help that standard installs of Comcast and Verizon FiOS provided routers not only leave the default administrative usernames and passwords intact, but also enable only WEP security. I know people claim that they have to do this because of compatibility, but really, has anyone bought anything in the last five years that doesn't support WPA? I've seen techs enable WEP for a person with a single Macbook.
Granted, they don't enable remote access, but really, what is so hard about writing down password
Re:non Linux based routers (Score:4, Informative)
Apparently the Nintendo DS, unless some sort of update has been released, only does WEP.
This is not a good thing.
Re: (Score:3, Informative)
One solution is to set up two access points: one with WEP, which is locked down to only access the external network, and only for certain ports, and one with WPA2, which can also access the internal network. Some routers can host multiple virtual access points (multiple interfaces), so there's no need for extra hardware in that case.
This setup has worked well for me with my DS in the past, although I didn't limit the port range on the WEP access point.
Re: (Score:2)
I have had computer repair customers come over to my home/workshop and connect to my wireless, but they'll have ancient laptops that can only use WPA or WEP. I'm very interested in hearing about how you could set this up with a network. Got any links?
Re: (Score:2, Informative)
but really, has anyone bought anything in the last five years that doesn't support WPA?
Yes. The Nintendo DS and DS Lite only support WEP. They launched in 2004 and 2006, respectively. Only the third iteration of the device (the DSi) has WPA support, but it's less than a year old, and the DS Lite seems to still be selling.
Re: (Score:3, Informative)
It's worse than that, on the DS games drive the wifi hardware directly so while the DSi does support WPA you can only use it in games that specifically support it.
Re: (Score:2)
I just got a FIOS wireless router a few months ago, and I only see WEP in the configuration settings. I disabled it entirely and am using a separate access point running DD-WRT.
I'm just utterly amazed that in 2010 that EVERYTHING doesn't support WPA2.
Also - it is very annoying that there is no standard for providing secure WiFi connections that doesn't involve a shared secret. It is like http all over again (also no standard for secure connections that doesn't involve a trusted certificate). Even if you
Re: (Score:2)
There's no good secure way to do what you're commenting on. How could you know what is properly authenticated or not to initiate the secure session? You can't without some sort of certificate or pre-shared key info. Even public key cryptography needs some semblance of an initial pre-shared tidbit, and PKIs are vastly less secure than most people think they are even when there's no compromises within the certificate chain directly.
As an exercise, I suggest you read up on some of the recent TLS exploits (
Re: (Score:2)
I see it this way. I have two choices with regard to http or WiFi encryption:
1. No encryption at all, which is vulnerable to passive and active attacks.
2. Fully authenticated encryption, which is not vulnerable to passive and active attacks.
I propose we should have a third choice:
3. Unauthenticated encryption, which is vulnerable to active attacks (MITM) but not passive attacks.
I just don't get arguments that call this "insecure" - sure it is less secure than #2, but it is more secure than #1 which is t
Re: (Score:2)
Granted, they don't enable remote access, but really, what is so hard about writing down passwords and taping them to the bottom of the router?
The Chuck Norris botnet can read the password taped to the bottom of your router.
Re: (Score:2)
http://www.portforward.com/ [portforward.com]
Then just hope like a UFO hunter on a US mil network, it's a default hunt.
Re: (Score:2, Insightful)
non Linux based routers
Quick! This man is talking but something is not right. The words are real, but they don't make sense in this sequence. Chuck Norris must have given him a roundhouse kick to the head.
These days, "non Linux based router" is like saying "non carbon based life" (assuming we're talking about home networks).
Re: (Score:3, Informative)
Not so.
For example, some Linksys routers run Linux, but others run a proprietary VxWorks-based OS. They're all, to my knowledge, based on MIPS processors.
Re: (Score:3, Informative)
Currently the Botnet is using the Linux routers- but it's not an overall stretch, if there's any firmware update ability, to imagine someone injecting a similar beastie into the VxWorks versions of the routers if the remote admin functionality is turned on. All that is needed then is configuring to reflash and then doing the same- then the router would be compromised.
Just because it's VxWorks, it doesn't make it magically safe from being added to the Botnet. It's just that it's not being done now.
Re: (Score:2)
I have to agree with the lighten up part.
If this is the best they can do, then bring it on.
Besides, I'm more of a Jackie Chan fan myself
Re: (Score:2)
Well, it's Monday morning (where I am, in America, which is all that counts!), so a serious case of lack-of-humor is to be expected on the part of some commenters.
Thus: lighten up people.
Wow, wasn't aware Chuck Norris was a botnet (Score:5, Funny)
Am I the only one who was entirely terrified by this headline?
Re: (Score:2)
Chuck Norris isn't a BotNet, it's just that he's so deadly that his AIM status message leaves devastation in its wake.
Re: (Score:2)
I've always seen Linux as a kind of Social Libertarian. I can agree with the second half of that, at least, so Linux and I get along.
Have we found his one weakness? (Score:3, Funny)
That would have made Bruce Lee's job a lot easier.
Source code? (Score:2)
"The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: 'in nome di Chuck Norris'"
Source code? How did they get the source code? Wouldn't a virus in the wild be compiled? Is this some strange virus that carries around its source code and compiles itself for every new host it infects?
If so, I believe a Gentoo programmer is behind this virus outbreak.
Re: (Score:2)
Hey, maybe it means malware developers are finally embracing Open Source!
Re: (Score:2)
It's not uncommon for virus programmers to put text data in the binary somewhere. I agree, though, calling machine language "source code" is a bit of a stretch.
So, and I'm guessing here... (Score:2, Insightful)
---
Note to Consumers:
I'm just guessing that the user name is "admin", "Admin", "root", or "user" and the password is either "password", "admin", or "actiontec"...
I've set up some of those modems/routers, mainly for people who went to Best Buy (EEK!) and thought "Hey! That's exactly what I'm looking for! That will work great for my Verizon DSL connection! Hey, it's got the Verizon logo right there!"...
FAIL!
!!!!!!!!!!!
Beware anything branded by an ISP, to begin with... And most devices created for a not-so-sec
Chuck Norris... (Score:3, Funny)
doesn't need computers in his Botnet, he just ...er infects routers and modems...
and my all time favorite:
Chuck Norris doesn't do push ups. He pushes the planet down.
Next up: (Score:2)
The Leonidas botnet and the Techno Viking botnet team up to fight the Vin Diesel botnet and the Mr T botnet.
The winner gets to rip Chuck Norris apart.
Chuck Norris will want Forced Vengeance (1982)... (Score:4, Funny)
Not always the user's fault (Score:3, Interesting)
Jack Bauer (Score:3, Funny)
Jack Bauer could do better than Chuck Norris. :-P
Great - so this can only affect 99% of US routers (Score:2)
I have yet to see a router or DSL modem distributed by an ISP in the US that DIDN'T use the default user/password. First thing I did when I got mine was find the (undocumented) way to change the password.
So pretty much the entire US is vulnerable to this...
I can see it now... (Score:2)
First the universe comes into being once again when Chuck wakes up. He proceeds to scare the time-space fabric out of his way until he reaches the kitchen where he stares down the coffee pot till it spontaneously brews coffee. Grabbing a chicken from his hen house out back he round house kicks it catching the subsequently, and perfectly made sunny side up eggs in his mouth after they have flown around the world in 14 seconds. He boldly enters his home through a revolving door which he slams upon glancing
Re:And will the Bruce Lee Bot Net be fighting it? (Score:5, Funny)
Will it be involved in some botnet tournament, fighting over Linksys, D-Link and Netgear routers in a winner takes all competition?
That would be the "Highlander" botnet
Re: (Score:2)
Chuck Norris doesn't even need to attack them, they just submit because they know he could fry their CPU with a single packet!
Actually, if they submit they're probably sending a couple of HTTP packets
Re: (Score:2)
So if Conficker owns Windows boxen it's because Windows is awful and shoddy. But if CN owns Linux boxen it's because they are "misconfigured". Grow up, /.
You are obviously new around here.
Re: (Score:2, Informative)
So if Conficker owns Windows boxen it's because Windows is awful and shoddy. But if CN owns Linux boxen it's because they are "misconfigured".
Given that Conficker exploited actual bugs in Windows which MS had to patch, and that 'Chuck Norris' is exploiting the fact that certain appliance suppliers deliberately 'configured' Linux with a fixed and known id and password, the statement above that you deride is *in this particular case* clearly accurate.
You do understand the difference between an actual bug causi
Re: (Score:3, Informative)
Conficker exploited Windows machines with an unpatched security hole. True, Microsoft had patched the hole but it shouldn't have been there in the first place.
Using a default password to gain what is technologically legitimate access to the operating system is not a vulnerability.
It's like phishing - the fact that someone is too stupid to use online banking safely doesn't imply that their computer was hacked.
Re: (Score:2)
If someone doesn't change the admin password on a piece of hardware, regardless of operating system, that's a configuration error. If, however, the worm targeted an exploit in the kernel stack, that would be something else entirely.
So, in the case of your example, yes, that's correct.
Re: (Score:2)
Considering that Conficker doesn't need misconfigured boxes to work (Keep in mind the true boneheaded nature of the problem- remote admin on and a default password...it's NOT the same thing...)- so, to quote yourself...
Grow.
Up.
They're not the same thing and you need to get over yourself.