Entry | Psyb0t |
Definition |
Progress

Psyb0t was first detected in January 2009 by Australian security researcher Terry Baume in a Netcomm NB5 ADSL router/modem. Then, in early March, it ran a DDoS attack against DroneBL (an IP blacklisting service). From this attack, DroneBL estimated that it had infected about 100,000 devices. The attack brought some public attention to the worm in late March, which probably caused its operator to shut it down. DroneBL also succeeded in bringing down its command-and-control and DNS servers.

Description

Psyb0t targets modems and routers with a little-endian MIPS processor running Mipsel Linux firmware. It is part of a botnet operated through IRC command-and-control servers. After infecting a device, Psyb0t blocks access to the router's TCP ports 22, 23 and 80.

Psyb0t contains many attack tools. It is known to be able to scan the network for vulnerable routers/modems, check for MySQL and phpMyAdmin vulnerabilities, and perform DoS attacks against websites.

Two versions are known. The first version, 2.5L, affected the Netcomm NB5 ADSL router/modem. The newer version, 2.9L, affects over 50 models by Linksys, Netgear and other vendors, including those running DD-WRT or OpenWrt firmware.[2]

Attack vectors and countermeasures

The primary attack vector is SSH or telnet access. Using brute force, it tries to gain access with over 6000 usernames and 13000 passwords. However, 90%[2] of infections are caused by insecure configuration, mostly a missing or default administration password combined with enabled remote administration.

Recommended countermeasures are to change default access credentials to more secure ones and to update the router/modem firmware. If infection is suspected, it is advised to perform a hard reset of the router.

References

1. Paul, Ian (25 March 2009). "Nasty New Worm Targets Home Routers, Cable Modems". PC World. http://www.pcworld.com/article/161941/nasty_new_worm_targets_home_routers_cable_modems.html?tk=rss_main. Accessed 2009-03-26.
2. Kristin Shoemaker (25 March 2009). "Psyb0t Evolves, Targets Unprotected Linux Mipsel Routers". OStatic. http://ostatic.com/blog/psyb0t-evolves-targets-unprotected-linux-mipsel-routers. Accessed 2009-04-05.
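
The Description section states that an infected router stops answering on TCP ports 22, 23 and 80. As an added example (not part of the original entry), this Python check compares those ports with a baseline recorded while the router was known clean; `check_router`, its verdict names and the baseline itself are assumptions of the example.

```python
import socket

# Admin ports that, per the entry, Psyb0t blocks after infection.
PSYB0T_BLOCKED_PORTS = (22, 23, 80)

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out or unreachable
        return False

def check_router(host, baseline_open, probe=tcp_open):
    """Compare current reachability with a known-good baseline.

    baseline_open: admin ports that answered from the LAN when the router
    was last known clean (assumption: the operator recorded this).
    """
    expected = sorted(set(baseline_open) & set(PSYB0T_BLOCKED_PORTS))
    now_closed = [p for p in expected if not probe(host, p)]
    if not expected:
        verdict = "no-baseline"   # nothing to compare against
    elif len(now_closed) == len(expected):
        verdict = "suspicious"    # every admin port went dark
    elif now_closed:
        verdict = "changed"       # partial change: review the config
    else:
        verdict = "ok"
    return {"host": host, "expected": expected,
            "now_closed": now_closed, "verdict": verdict}

if __name__ == "__main__":
    # 192.0.2.1 is a documentation address; use the router's LAN IP instead.
    print(check_router("192.0.2.1", baseline_open=[23, 80]))
```

A "suspicious" verdict also fits a powered-off router or a changed firewall rule, so confirm the device is still forwarding traffic before performing the hard reset.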
Category: Computer worms