(The Hosting News) – A self-replicating program that has been infecting Linksys routers of the E-Series line has been identified as TheMoon, CIO reports.
The worm, identified by SANS Institute’s Internet Storm Center last week, exploits vulnerable Linksys routers through an authentication bypass in a CGI script.
According to SANS ISC, multiple E-Series routers were vulnerable to the attack, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, and E900.
In addition to E-Series routers, Belkin confirmed that some Wireless-N routers were also affected.
“Linksys is aware of the malware called ‘The Moon’ that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers,” stated Belkin Director of Global Communications, Karen Sohl. “The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default.”
Sohl also explained that in order to remove the malware, the remote management feature must be disabled and the router then rebooted.
“Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”
Step-by-step instructions on how to download the latest firmware can be found here.