A Self-Replicating Program Infects Linksys Routers
February 17th, 2014 By:THN News
(The Hosting News) – A self-replicating program that has been infecting Linksys routers of the E-Series line has been identified as TheMoon, CIO reports.
The worm, identified by SANS Institute’s Internet Storm Center last week, is a program that exploits vulnerabilities in infected Linksys routers by an authentication bypass in the CGI script
According to SANS ISC, multiple E-Series routers were vulnerable to the attack, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, and E900.
In addition to E-Series routers, Belkin confirmed that some Wireless-N routes were also affected.
“Linksys is aware of the malware called ‘The Moon’ that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers,” stated Belkin Director of Global Communications, Karen Sohl. “The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default.”
Sohl also explained that in order to remove the malware, the remote management feature must be disabled on the router and then rebooted.
“Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”
Step by step instructions on how to download the latest firmware can be found here.
|Caronet Colocation - It´s More Than Power, Space and Connectivity|
* True A + B Power Feeds - Ensuring the Highest Level of Redundancy
* 99.999% Uptime SLA Guarantee
* N + 1 Power and Cooling with UPS plus Backup Generators On-Site
* 24 x 7 x 365 Security - Interior and Exterior Motion Sensitive Video
* Smart Expansion Options Without Large Upfront Capital Expenses