Embedded Files
Post date: Mar 24, 2009 7:12:26 PM
This is a security advisory for anyone passing by who happens to run open source firmware on their broadband router. This problem does not affect WasabiNet in any way.
From Slashdot:
"The people who bring you the DroneBL DNS Blacklist services, while investigating an ongoing DDoS incident, have discovered a botnet composed of exploited DSL modems and routers. OpenWRT/DD-WRT devices all appear to be vulnerable. What makes this worm impressive is the sophisticated nature of the bot, and the potential damage it can do not only to an unknowing end user, but to small businesses using non-commercial Internet connections, and to the unknowing public taking advantage of free Wi-Fi services. The botnet is believed to have infected 100,000 hosts." A followup to the article notes that the bot's IRC control channel now claims that it has been shut down, though the ongoing DDoS attack on DroneBL suggests otherwise.
http://it.slashdot.org/article.pl?sid=09/03/23/2257252&art_pos=14
Here is a related post on DDWRT forums.
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=278399
Here is the announcement from DroneBL.
The dronebl site being attacked is not available, probably because of DDOS attack itself and slashdot effect, but apparently you can tell if your router has been compromised if you can no longer SSH in.
Here is a cached copy (via Yahoo) of the DroneBL announcement at
This provides details of how the botnet infects more machines. They estimate *100,000* infected machines!
Page updated
Google Sites
Report abuse