Is Your Router a Botnet Zombie?

Security company Incapsula has uncovered a massive botnet used to launch distributed denial-of-service (DDoS) attacks. But this botnet wasn’t made of infected computers. Instead, it’s an army of zombie routers, poised to do its master’s bidding.

Incapsula observed traffic from the botnet over the course of 111 days. During that time, it identified some 40,269 IP addresses used in the attack. The infected machines appeared worldwide, coming from 1,600 Internet service providers.

What’s especially surprising about this botnet is that it wasn’t built using some unique new attack. Incapsula discovered that the routers in the botnet were all configured for remote management, meaning users (or attackers) could discover them online and make changes. Nearly all the routers also had pre-set usernames and passwords, so taking control of them was trivial.

“Facilitating the infiltration, all of these under-secured routers are clustered in the IP neighborhoods of specific ISPs, that provide them in bulk to end users,” wrote Incapsula. This made it even easier for attackers to locate and infect routers.

