Hackers Using Router to Infect Computers with Malware
Security researchers at DroneBL have found that malware authors are using routers to spread malware. They have also revealed a sophisticated piece of malware that converts users' DSL modems and routers into a dangerous botnet called 'Psybot'.
The security company further said that Psybot was specifically designed to attack home network routers that include embedded Linux for Microprocessor without Interlocked Pipeline Stages (MIPS) CPUs. The botnet also employs a deep-packet inspection technique to seize user names and passwords. This technology facilitates the installation of advanced security functions on the system.
DroneBL researchers also state that the new technique used by hackers is extremely sophisticated and advanced, as end users would not be able to tell that their network has been hacked, as reported by The Register on March 24, 2009. They added that hackers would use it as an effective attack vector to steal personally identifiable information in the future.
Moreover, after taking control of the system, hackers use it to plant a malware-ridden file on the target system, which is later executed, explained security researchers. Once the malware is installed on the system, it doesn't allow legitimate users to connect to the device, blocking web access, SSHD (Solid State Hard Disk) and telnet (Telecommunication network). It then connects the hacked device to the botnet.
As "Netcomm NBS" (modem router) has several security vulnerabilities that could be easily exploited, it is another main target for hackers, said security experts.
DroneBL states that the botnet has clogged around 80,000 systems till now, but the estimated figure is much higher, approximately one hundred thousand. Although this figure seems unrealistic, Psybot has proven that Windows PCs are not the only devices usually targeted by botnets. Thus, immediate action is the need of the hour to spot the worm and curb its spread.
Meanwhile, researchers have said that they first discovered the worm when they were trying to find the cause of a DDoS attack that hit the infrastructure of DroneBL in the first week of March 2009.
» SPAMfighter News - 27-03-2009