Czech Security Researchers Unearth ‘Chuck Norris’

According to security researchers in Czechoslovakia, they've unearthed a globally operating network of bots, which possibly diverts people surfing Web onto other websites that are malicious in nature.

Said the security project's Head, Jan Vykopal of Masaryk University, that the country's Defense Ministry found the botnet when it was working on a project named CYBER. The project involved several agencies doing research for methods to enhance Czechoslovakia's cyber defenses, he said. darkREADING reported this on February 18, 2010.

The botnet, dubbed Chuck Norris, has been assigned this name after the name of a martial arts specialist and a Hollywood star.

The security researchers claimed that different kinds of botnets are known to have compromised innumerable computers so far across the world, but Chuck Norris infects routers and DSL modems instead of the PCs.

This botnet plants its payload on modems and routers after speculating default administrative passwords as well as by fully using the fact that several devices are programmed for letting remote access. Moreover, Chuck Norris exploits a familiar security flaw within D-Link Systems devices, the researchers reported.

According to Vykopal, similar to Psyb0t, an old botnet that infected routers, Chuck Norris too infects MIPS (Microprocessor without Interlocked Pipeline Stages) based devices that run on Linux operating systems, provided the administrative username and password of the OS are weak. This MIPS-Linux amalgamation is popularly utilized in DSL modems and routers. However, the botnet strikes receivers of satellite TVs as well, reported COMPUTERWORLD on February 19, 2010.

Additionally, according to experts, Chuck Norris could fruitfully be used to attack even adequately protected servers. It perceivably spreads across entire South America and Europe as well as China. The main command and control computer server of the botnet lies in Italy.

The experts further added that because the botnet survives within the router's RAM, a system restart can easily remove it. Users wanting to avoid the infection can lessen the risk by simply setting a 'hard to crack' password on the DSL modem or router. Moreover, the problem can also be dealt with if remote access services are disabled and firmware is made up-to-date.

Related article: Cisco Finds Two Vulnerabilities and Recommends for Patches

» SPAMfighter News - 3/1/2010