Now if there was a Linux botnet, that would be interesting.
There IS at least one Linux botnet... but it's a small one, and runs only on unpatched OpenWRT routers. So it's not exactly capable of much more than trying to sniff the packets going through it for something interesting or DDOS attacks.
This botnet does not use a vulnerability in OpenWrt, so the only thing that needs to be patched to prevent the router from participating in a botnet is the user.
"""
There IS at least one Linux botnet... but it's a small one, and runs only on unpatched OpenWRT routers.
"""
As an OpenWRT fan, I'd like to clarify that:
1. The worm only uses a simple brute force password attack on telnetd and sshd.
2. OpenWRT does not run telnetd by default.
3. All incoming WAN ports are blocked by default, including ssh.
4. There is no "patch" required, since there is no vulnerability involved.
5. The worm itself is only compatible with mipsel CPUs.
So to be vulnerable, one has to manually open up ssh incoming on the WAN port, select an insanely poor password, and do it on a mipsel-based router. There is no "default" password. After you flash, you log in on the LAN port via telnet and set a password. Once that is done, telnet is automatically disabled. Reboot, and the router is ready to go.
Edited 2009-04-23 22:59 UTC






That's because the term Windows before botnets is superfluous in a similar way to how saying Rome is sufficient, while Italian Rome just makes you look silly.
Now if there was a Linux botnet, that would be interesting.