
Chuck Norris botnet attacks Linux-based routers

By Ricky on February 22nd, 2010 

If you have not changed the default password of your internet router or DSL modem, now might be a good time to do it. Otherwise you may get an unwanted visit from Chuck Norris.

No, not the actor. We are talking about the Chuck Norris botnet.

Czech researchers have discovered that the Chuck Norris botnet has been spreading by taking advantage of poorly configured routers and DSL modems. The botnet got the Chuck Norris name from a programmer's Italian comment in its source code: "in nome di Chuck Norris", which means "in the name of Chuck Norris".

Although there is plenty of malware out there that infects PCs, Chuck Norris is very unusual in that it infects DSL modems and routers. As of now, it is not known how large the botnet has grown.

Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science, Czech Republic, said this about the botnet:

It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access. It also exploits a known vulnerability in D-Link Systems devices.

The botnet is particularly dangerous because it can change the DNS settings of the infected router. This means that when you enter the URL of a website, the router can take you to another website. In this way, the botnet can leave users vulnerable to phishing attacks and possibly trick them into downloading other malware.
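One way to check for this kind of DNS tampering from a machine behind the router, added here as an example (it is not from the original article or from the researchers): resolve hostnames whose addresses you already know and flag any answer that differs. The hostnames, addresses and the `tampered_resolver` stand-in are constructed for illustration.

```python
import ipaddress
import socket

# Assumption: hostnames you control whose addresses are static and known.
# All names and addresses below are constructed (reserved documentation ranges).
PINNED = {
    "vpn.example.org": {"198.51.100.10"},
    "mail.example.org": {"198.51.100.25", "2001:db8::25"},
}

def system_resolve(host):
    """Resolve through the OS resolver, i.e. whatever DNS the router hands out."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def check_dns(pinned, resolve=system_resolve):
    """Return {host: finding} for each pinned host that does not resolve as expected."""
    findings = {}
    for host, expected in pinned.items():
        want = {ipaddress.ip_address(a) for a in expected}
        try:
            # Drop any IPv6 zone id ("%eth0") before parsing the address.
            got = {ipaddress.ip_address(a.split("%")[0]) for a in resolve(host)}
        except (OSError, ValueError) as exc:
            findings[host] = f"lookup failed: {exc}"
            continue
        extra = got - want
        if extra:
            findings[host] = "unexpected: " + ", ".join(sorted(map(str, extra)))
        elif not got:
            findings[host] = "no addresses returned"
    return findings

# Constructed resolver standing in for a router whose DNS settings were changed.
def tampered_resolver(host):
    answers = {"vpn.example.org": ["203.0.113.66"],
               "mail.example.org": ["198.51.100.25"]}
    if host not in answers:
        raise socket.gaierror("name not known")
    return answers[host]

if __name__ == "__main__":
    for host, finding in check_dns(PINNED, tampered_resolver).items():
        print(f"{host}: {finding}")
```

Only pin names with fixed addresses; sites served from CDNs legitimately return different addresses from one lookup to the next and would raise false alarms.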

The botnet is controlled via IRC. Once installed in the router's memory, it blocks remote communication ports and begins to scan the network for other vulnerable machines. The botnet can then launch a password-guessing dictionary attack on other machines in the network. The Chuck Norris-infected machines can also be used to attack other systems on the Internet through distributed denial-of-service attacks.

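Removing the botnet from an infected system is, however, very easy. As it resides in RAM, all that is needed to remove it is to restart the machine. A restarted device that still has its default password or remote access enabled can be infected again in the same way.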

Measures that can be taken to ensure that Chuck Norris does not infect your machine are:

  • Using a very strong password.
  • Disabling remote-access service.
  • Updating the firmware.

[via PC World]


Chuck Norris botnet attacks Linux-based routers was originally published on February 22, 2010 - 11:03 pm (Indian Standard Time)