Psyb0t Worming its Way into Home Routers

March 30, 2009
By

Post to Twitter Post to Facebook Post to Reddit

Well, it’s finally arrived: A way to hack into consumer routers and DSL modems via malware. Called the “psyb0t,” worm, psyb0t it is the first (documented) piece of malware to focus on attacking home networking technologies.

According to DroneBL (a real-time monitor of abusable internet addresses), attackers have used psyb0t to carry out DDoS attacks on approximately 100,000 hosts. In addition to the DDoS attacks, DroneBL says that the psyb0t worm has also been used to collect usernames and passwords.

Needless to say, psyb0t is extremely dangerous (and effective) since attackers are using the psyb0t worm to target general consumers who have limited knowledge about internet technology. (Which is exactly why it’s so effective.)

Companies make router set-up seem so easy; you set up the router, get it to work, and *boom* you have internet access. But what people don’t realize is that unless you manually change the settings, you’re leaving your router’s password and settings as the default. And let’s face it: Default passwords usually aren’t very creative, making it fairly easy for an attacker using the psyb0t worm to exploit the people using the default settings on their router.

So what can an attacker do with something like psyb0t?

Create malware sites, of course. For example: If your mom set up her router and it’s successfully infiltrated by the psyb0t worm, it wouldn’t be hard for an attacker to create a malware site for something like her bank. Assuming the attacker wants her financial information, the next time she goes to check her back balance, the attacker can get her username, password, and account information all in one relatively simple swoop. 

While some manufacturers have recently started requiring consumers to choose a password other then the default when setting up their router, many people choose easy passwords, defeating the purpose of choosing a password other then the default. And for the most part, the majority of of the most frequently purchased routers on the market don’t require users to change the default password that comes with the router. In short, both scenarios take us back to step one with users being susceptible to the psyb0t worm.

So is there a solution? Yes and no. There are hypothetical solutions, but many of them require compromises that companies aren’t willing to make. One of the proposed solutions consists of using a randomly-generated default password of a specified length for newly purchased routers, but that would present problems for non-technical users. It would also present a ‘problem’ for companies that don’t want to shell out additional money for hiring people to help with router set-up.

Sadly, this is a classic case of companies choosing usability over security, which is, without a doubt, one of the most common issues in the security field. Using the ever-popular Microsoft as an example, it’s easy to see the costs of choosing usability over security.

While Microsoft programs are arguably some of the most usable on the market, most users only require 10% of the features provided on their Microsoft operating system. This leaves non-technical users wide-open for attack if a vulnerability comes up in the code behind unused features.

There’s a popular (but little used) principle in security that says you should run features and programs only if they’re necessary, and get rid of everything else you don’t use. This means that if you never print at home, you shouldn’t have the printer setting on your computer turned on because it gives you an attack surface. Even though you never use your printer, an attacker can still exploit the printer settings on your computer.

It’s a lot like a target: The bigger a target is, the easier it is to hit it. Users who keep 100% of their computer settings when they only need 10% create a large “target” for attackers.

While you can’t keep every non-technical user from making this mistake, be sure to be conscientious of yourself and those you know when it comes to choosing usability over security. Just because we know a lot about security doesn’t mean we’re immune (as shown in the “Gentleman’s Agreement Talk” at this year’s ShmooCon).

If you’d like to read more about the psyb0t worm, click here

###

Keep the local security community going strong by becoming a subscriber of our site. You can also spread the word about NovaInfosecPortal
 by passing this post along to a friend.

Tags: , , , , , , , , , , , ,

One Response to Psyb0t Worming its Way into Home Routers

  1. [...] on all of the “extras” that tend to run in Microsoft software. Like we talked about in our “Psyb0t Worming its Way into Home Routers” post the bigger the “target,” the more likely that attackers will be successful. And since [...]

Leave a Reply

Your email address will not be published. Required fields are marked *


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.