ALERT! Worm targets Linux routers - psyb0t
-
Received a post regarding a botnet worm targeting POSIX routers & firewalls.
May not be applicable to pfS, as it targets the WRT-family, but worth keeping an eye on.
http://www.bit-tech.net/news/bits/2009/03/26/worm-targets-linux-routers/1?tcs=nl
<quote>Users of Linux-based routers are being warned of a new worm in the wild which attempts to take control and add their device to a growing botnet.
As reported over on vnunet.com yesterday, the 'psyb0t' worm was first spotted by security research group DroneBL recently – but may have been spreading since the start of the year.</quote>
-
I would not worry at all about that. First of all, the standard configuration of pfSense only accepts interface connections from the LAN. Second, every admin should use the SSH connection to the router using only certificates and turn the password authentication off.
-
pfSense = FreeBSD
Linux != FreeBSD
-
Worms are worms & exploits are exploits.
Thought I'd mention it, since it seems to target "SOHO" routers, which suffer from a common weakness: relying on end-users to properly configure them.
After further inspection, it seems not to be extremely malignant or terribly smart (unless one's been compromised, of course), but may point to a worrying trend of attack on Linux/Unix/POSIX security devices (though I'm sure that this is nothing new, as such).
-
The malware was very specific about the CPU architecture it targeted. So not only wouldn't it have worked against pfSense because it's a different OS, but it wouldn't have worked because AFAIK pfSense doesn't run on that CPU ;)