A Self-Replicating Program Infects Linksys Routers

A Self-Replicating Program Infects Linksys Routers

Belkin Linksys malware TheMoon

February 17th, 2014 By:

(The Hosting News) – A self-replicating program that has been infecting Linksys routers of the E-Series line has been identified as TheMoon, CIO reports.

The worm, identified by SANS Institute’s Internet Storm Center last week, is a program that exploits vulnerabilities in infected Linksys routers by an authentication bypass in the CGI script

According to SANS ISC, multiple E-Series routers were vulnerable to the attack, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, and E900.

In addition to E-Series routers, Belkin confirmed that some Wireless-N routes were also affected.

“Linksys is aware of the malware called ‘The Moon’ that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers,” stated Belkin Director of Global Communications, Karen Sohl.  “The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default.”

Sohl also explained that in order to remove the malware, the remote management feature must be disabled on the router and then rebooted.

“Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”

Step by step instructions on how to download the latest firmware can be found here.

Caronet Cloud - VMware Private and Public Cloud

* No Force-Fitting Configurations - Build to Your Requirements
* Enhanced Security, High Performance and Robust Infrastructure
* Fully-Redundant Architecture Built for High Reliability
* RESTful API - User Friendly & Syncs Easily with Current Programming
* Enterprise Level Support 24 x 7 x365