In a recent report, security researchers have seen an marked increase in the number of attacks by botnets on unconfigured (store-bought) routers, switches and wireless gateways.

Czech researchers at Masaryk University’s Institute of Computer Science in Brno, Czech Republic have discovered the “Chuck Norris Botnet”, whose army of compromised computers silently and stealthily probes IP addresses for unsecured routers, wifi-gateways, switches and other network hardware – then attempts to guess the passwords of these machines in order to spread itself.

Botnets are “distributed networks of compromised computers and network-connected hardware which are used to launch attacks against other machines or to steal private information, such as passwords and bank account information, from users.” says Josh Wepman, a Security Researcher at BitForce Consulting LLC, he adds “many users aren’t even aware that their machine is being used against their will – and that’s the beauty of the attack – thousands of computers under the complete and total control of the hacker”.

Anatomy of a Botnet Attack

Major companies affected by this attack, such as D-Link were not aware of the problem, however note that the best way to fix a compromised box is to manually reset the entire system, however the Chuck Norris Botnet resides in RAM, not the hard disk, so simply resetting the router would fix a compromised machine. Changing passwords from factory defaults was also strongly recommended.

The biggest danger of the Chuck Norris Botnet is that it sends poisoned DNS replies to the user, potentially causing the user to visit malicious websites and therefore to divulge secret information (such as passwords) to an attacker.

The easiest and best way to prevent against this particular botnet, and from manual attacks against your system is to always change your passwords from a factory default setting to a secure alternative. Regular patches and updates are very important to routers, as well.

Share This Article

Filed under:
Articles by wepman