(The Hosting News) – A self-replicating program that has been infecting Linksys routers of the E-Series line has been identified as TheMoon, CIO reports.
The worm, identified by SANS Institute’s Internet Storm Center last week, is a program that exploits vulnerabilities in infected Linksys routers by an authentication bypass in the CGI script
According to SANS ISC, multiple E-Series routers were vulnerable to the attack, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, and E900.
In addition to E-Series routers, Belkin confirmed that some Wireless-N routes were also affected.
“Linksys is aware of the malware called ‘The Moon’ that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers,” stated Belkin Director of Global Communications, Karen Sohl. ”The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default.”
Sohl also explained that in order to remove the malware, the remote management feature must be disabled on the router and then rebooted.
“Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”
Step by step instructions on how to download the latest firmware can be found here.
|Black Lotus DDoS mitigation Service|
- 24x7 mitigation with guaranteed SLA
- DDoS mitigation facilities throughout North America and Europe
- 480 Gbps of active DDoS mitigation capacity
- Service delivery via GRE, physical cross connections or virtual Ethernet service
- Protect your servers or entire IP space from attacks
- Belkin Goes Big on Routers with Linksys Buy
- Cyber Espionage? Do Huawei Routers Pose U.S. Risk?
- The Planet Upgrades Web Services, with Foundry Core Networks Routers
- Canadian Web Hosting Deploys Juniper MX Series Routers
- Massive Trojan Infects Iranian Computer Systems