Check for Psybot

Check for Psybot

In January 2008, I wrote two articles (Jan. 3, 2008 & Jan. 15, 2008)  about an computer virus infection vector that almost no one else had looked at.   Except William Pitcock over at Dereferenced Technologies.  And the Indiana University Students who wrote about Wifi Epidemiology.

This week, eWeek’s Larry Seltzer brings us the story of the first implementation of these ideas, in his story The First Linux Botnet, which is titled to spread maximum fear.  Specifically, it appears that the psyb0t worm attacks not only a long list of linux embedded devices, but also attacks routers running VxWorks based firmware, as well.

As Pitcock and I both suggested, the network gateway hardware is a much softer target for infection, especially when the hardware manufacturers ship the hardware with default passwords, administrative access via the WAN port, and other bone-headed security practices.

The psyb0t worm has the following characteristics:

  • is the first botnet worm to target routers and DSL modems
  • contains shellcode for many mipsel devices
  • is not targeting PCs or servers (except as noted below)
  • uses multiple strategies for exploitation, including bruteforce username and password combinations
  • harvests usernames and passwords through deep packet inspection
  • can scan for exploitable phpMyAdmin and MySQL servers

The dangers of an infected network gateway range from “untracable” phishing attacks (how will you EVER know if you’re really talking to your bank, ever again?) to SPAM forwarding (while the user’s PC checks clean for viruses and malware, every time you scan it!), to such malicious things as an open proxy running on your router, allowing someone to use your ISP given IP address to download anything they can find on the Internet, and it appear (to your ISP) that YOU were the person downloading, oh, say Child Pornography.

The affected class of devices includes DSL modems, and routers, including netgear, linksys, and others.   Running custom firmware on the router does not provide safety from this exploit, as the default passwords for the custom firmware are known.   If you think you may be affected, please follow through with cleaning your equipment.

There are reports that recently, the psyb0t worm has been shut down by it’s creator, and further that the creator of the worm indicated that he’d infected at least 80 thousand endpoint devices.

If you fear that your network equipment may have been infected, the recommended process for cleaning it is to turn it off, wait a few seconds, turn it back on, and then if possible, download and install the latest version of the firmware for your device.  Infected devices can be detected, because they will no longer respond if you attempt to manage them, via their web interface.

I strongly recommend that you read our previous coverage on this issue, and that you stay tuned.  We’re looking for more information on this and other security threats.

Upcoming Elections

BernieSo, its that time again, elections are soon upon us. The normal people saying ‘I don’t like politics I don’t even vote’ are out in their usual numbers. The problem is, not voting is giving up your say, you make those people who do vote voice louder. This election cycle we have a chance to take our country back from the fountain of billionaires and hate that is the republican party. We have a chance to end the party politics as usual. We have a chance to make a difference in the country we live in. If you are sick of business as usual politics you want to know about Bernie Sanders.

Continue Reading »

2014 in review

The WordPress.com stats helper monkeys prepared a 2014 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 18,000 times in 2014. If it were a concert at Sydney Opera House, it would take about 7 sold-out performances for that many people to see it.

Click here to see the complete report.

So, if you follow Axis & I, you know we work with computers, both in our day jobs, and for many clients on the side, in our down time. Being techies, we’re good at solving a broad range of technical issues, but some times the business side is just a bother.  We have found tools to help us with invoicing, The final area that lots of quality technical people run into trouble with is Lead Generation.  I am experimenting with a new website www.thumbtack.com which appears to do a very good job of lead generation.  In the first 2 days, its provided me with 5 leads. I’m still building my profile there, but they have excellent tools, and helpful support people that make it all very simple to put together a solid representation of your skills, and even lets you include reviews by your existing clients.

Once my profile is complete, its looking like I’ll have a solid lead generation system, with the ability to provide quotes to leads as they come in. So, it sounds pretty sweet, huh? It is. Submitting a quote to a lead is inexpensive, and if your quote isn’t looked at by the potential client, that small fee is refunded.  Leads are sent out to all available users, but only the first 5 quotes are sent to the potential client, meaning a high probability of collecting a new client, for a very reasonable cost.

So, if you need help generating leads, drop by thumbtack.com.

 

Follow

Get every new post delivered to your Inbox.

Join 107 other followers