Router-Compromising Malware in Latin America
TrendLabs is currently taking a look at an interesting .ELF file that is actually an IRC backdoor program. We initially found some code suggesting that it performs brute-force attacks on router user name-password pairs.
This malware is predominantly found in Latin America, but we are also checking the extent of infection in other regions. The attacks also work against D-Link routers, though we are still verifying whether they work on others.
An infected system also connects to a botnet on IRC servers and is capable of receiving and executing commands. Trend Micro detects the offending code as ELF_TSUNAMI.R. Analysis is ongoing and we will be posting updates as new information is found.
There was an old attack in 2008 that targeted routers in Mexico, which we blogged about in the entry “Targeted Attack in Mexico: DNS Poisoning via Modems.”
Update as of March 11, 2011, 6:08 AM Pacific Time
- ELF_TSUNAMI.R is compiled for MIPS (Microprocessor without Interlocked Pipeline Stages), a processor architecture typically used in small devices such as routers. How an attacker would be able to drop the said file onto a router is not yet determined, but it is possible that the .ELF file is just one component of a much bigger threat.
- It exploits a vulnerability that affects certain D-Link routers. Successful exploitation of the said vulnerability grants a remote attacker complete administrative access to the affected router.
- It is also capable of disabling the firewall of the affected router by executing the command /etc/firewall_stop.
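As an added example (not code from the Trend Micro post or the ELF_TSUNAMI.R analysis), a small header check an analyst can use to confirm the kind of identification described above, namely that a sample is a 32-bit ELF built for MIPS, and which endianness it targets. The two sample headers are constructed for the example, not taken from the malware.

```python
import struct

# e_machine values from the ELF specification; EM_MIPS is 8.
EM_MIPS = 8
EM_NAMES = {3: "x86", EM_MIPS: "MIPS", 40: "ARM", 62: "x86-64"}
ET_NAMES = {1: "REL", 2: "EXEC", 3: "DYN"}


def parse_elf_header(data: bytes) -> dict:
    """Decode the fixed part of an ELF header: class, byte order, type, machine.

    Only the first 20 bytes are needed: the 16-byte e_ident block followed by
    e_type and e_machine, whose byte order is given by e_ident[EI_DATA].
    """
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("malformed ELF identification bytes")
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endianness": "little" if ei_data == 1 else "big",
        "type": ET_NAMES.get(e_type, f"unknown({e_type})"),
        "machine": EM_NAMES.get(e_machine, f"unknown({e_machine})"),
        "e_machine": e_machine,
    }


def is_mips32_executable(data: bytes) -> bool:
    """True when the image is a 32-bit MIPS executable, the profile of router firmware binaries."""
    try:
        h = parse_elf_header(data)
    except ValueError:
        return False
    return h["e_machine"] == EM_MIPS and h["bits"] == 32 and h["type"] == "EXEC"


# Constructed headers (not real samples): 32-bit big-endian MIPS EXEC, and 64-bit LE x86-64 EXEC.
SAMPLE_MIPS_BE = b"\x7fELF" + bytes([1, 2, 1, 0]) + b"\x00" * 8 + b"\x00\x02" + b"\x00\x08"
SAMPLE_X86_64_LE = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8 + b"\x02\x00" + b"\x3e\x00"

if __name__ == "__main__":
    for name, blob in (("mips", SAMPLE_MIPS_BE), ("x86-64", SAMPLE_X86_64_LE)):
        print(name, parse_elf_header(blob), "mips32 exec:", is_mips32_executable(blob))
```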
Post from: TrendLabs | Malware Blog – by Trend Micro