(The Hosting News) – A self-replicating program that has been infecting Linksys routers of the E-Series line has been identified as TheMoon, CIO reports.
The worm, identified by SANS Institute’s Internet Storm Center last week, is a program that exploits vulnerabilities in infected Linksys routers by an authentication bypass in the CGI script
According to SANS ISC, multiple E-Series routers were vulnerable to the attack, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, and E900.
In addition to E-Series routers, Belkin confirmed that some Wireless-N routes were also affected.
“Linksys is aware of the malware called ‘The Moon’ that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers,” stated Belkin Director of Global Communications, Karen Sohl. ”The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default.”
Sohl also explained that in order to remove the malware, the remote management feature must be disabled on the router and then rebooted.
“Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”
Step by step instructions on how to download the latest firmware can be found here.
|Steadfast Colocation, Support | Chicago and New Jersey|
- Three locations: Two in downtown Chicago, one in Edison, New Jersey
- 100% Uptime SLA in Tier II and Tier III data centers
- Multiple carrier options available
- Meets regulatory compliance: SSAE16 and SAS70 audited
- Management Available, allowing more time for your core business
- Belkin Goes Big on Routers with Linksys Buy
- CryptoPHP and other Malware Infects WordPress Themes
- Cyber Espionage? Do Huawei Routers Pose U.S. Risk?
- The Planet Upgrades Web Services, with Foundry Core Networks Routers
- Canadian Web Hosting Deploys Juniper MX Series Routers