[CWN-Summit] Re: FYI: OpenWRT/DDWRT-based botnet causing DDOS attack

Ben West westbywest at gmail.com
Tue Mar 24 14:02:07 CDT 2009


Here is a cached copy (via Yahoo) of the DroneBL announcement at
http://www.dronebl.org/blog/8

This provides details of how the botnet infects more machines.  They
estimate *100,000* infected machines!

http://74.6.239.67/search/cache?ei=UTF-8&p=http%3A%2F%2Fdronebl.org%2Fblog%2F8&fr=ubuntu&u=dronebl.org/blog/8&d=XjpWTp2uSg7q&icp=1&.intl=us

On Tue, Mar 24, 2009 at 1:53 PM, Ben West <westbywest at gmail.com> wrote:
> From Slashdot:
>
> "The people who bring you the DroneBL DNS Blacklist services, while
> investigating an ongoing DDoS incident, have discovered a botnet
> composed of exploited DSL modems and routers. OpenWRT/DD-WRT devices
> all appear to be vulnerable. What makes this worm impressive is the
> sophisticated nature of the bot, and the potential damage it can do
> not only to an unknowing end user, but to small businesses using
> non-commercial Internet connections, and to the unknowing public
> taking advantage of free Wi-Fi services. The botnet is believed to
> have infected 100,000 hosts." A followup to the article notes that the
> bot's IRC control channel now claims that it has been shut down,
> though the ongoing DDoS attack on DroneBL suggests otherwise.
> http://it.slashdot.org/article.pl?sid=09/03/23/2257252&art_pos=14
>
> Here is a related post on DDWRT forums.
> http://www.dd-wrt.com/phpBB2/viewtopic.php?p=278399
>
> Here is the announcement from DroneBL.
> http://www.dronebl.org/blog/8
>
> The dronebl site being attacked is not available, probably because of
> DDOS attack itself and slashdot effect, but apparently you can tell if
> your router has been compromised if you can no longer SSH in.
>
> Another compelling argument for using long, complex passwords on any
> login port you open up to the outside, or at least key-based login.
>
> --
> Ben West
> westbywest at gmail.com
>



-- 
Ben West
westbywest at gmail.com


More information about the CWN-Summit mailing list