Netgate Discussion Forum

    ALERT! Worm targets Linux routers - psyb0t

    • freakalad

      Received a post regarding a botnet worm targeting POSIX routers & firewalls.

      May not be applicable to pfS, as it targets the WRT-family, but worth keeping an eye on.

      http://www.bit-tech.net/news/bits/2009/03/26/worm-targets-linux-routers/1?tcs=nl

      <quote>Users of Linux-based routers are being warned of a new worm in the wild which attempts to take control and add their device to a growing botnet.

      As reported over on vnunet.com yesterday, the 'psyb0t' worm was first spotted by security research group DroneBL recently – but may have been spreading since the start of the year.</quote>

      • Monoecus

        I would not worry at all about that. First of all, the standard configuration of pfSense only accepts interface connections from the LAN. Second, every admin should connect to the router over SSH using only certificates and turn password authentication off.

        • GruensFroeschli

          pfSense = FreeBSD
          Linux != FreeBSD

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          • freakalad

            Worms are worms & exploits are exploits.

            Thought I'd mention it, since it seems to target "SOHO" routers, which suffer from a common weakness: relying on end-users to properly configure them.

            After further inspection, it seems not to be extremely malignant or terribly smart (unless one's been compromised, of course), but may point to a worrying trend of attack on Linux/Unix/POSIX security devices (though I'm sure that this is nothing new, as such).

            • Cry Havok

              The malware was very specific about the CPU architecture it targeted. So not only wouldn't it have worked against pfSense because it's a different OS, but it wouldn't have worked because AFAIK pfSense doesn't run on that CPU ;)
