03.26.09

What Happens When The Internet Infrastructure Gets Hacked?

By Dan Morrill

The discovery of a stealth router botnet changes the landscape for hacking devices connected to the internet. Many security people have been talking about what is going to happen when the infrastructure gets hacked; the interesting part is that now we get to find out.

PsyB0t is a router-based botnet newly discovered by Dronebl.org. The botnet, though, is limited to mipsel devices, or an OpenWRT kernel with vulnerable daemons or poor username/password choices. If you are not running anything like this, then you are OK. If you are running something like this, then you really want to go check your stuff, now. This is not the end of the world, but it is one very interesting botnet when you read the description by Dronebl. They have broken apart the command interface to show what commands it can run, which, if you are familiar with botnets, comes with the full package of stuff you can do.

The split command is the interesting bit, in that you can offload the scanning to two threads rather than one, making sure the router can handle the load if you hit a huge CIDR block or there are a lot of vulnerable routers on one subnet.

.mode - sets a mode on a channel

.login - login to the bot

.logout - logout

.exit - causes the botnet to exit and remove itself

.sh - runs on shell

.tlist - lists all threads

.kill - kills a thread

.killall - kills threads by glob-match pattern

.silent - makes the bot stop sending to channel

.getip - show bot WAN ip address

.visit - flood URL with GET requests

.scan - scans a random range for vulnerable routers/modems

.rscan - scans a CIDR range for vulnerable routers/modems

.lscan - scans the local subnet for vulnerable routers/modems

.lrscan - scans a range in the local subnet for vulnerable routers/modems

.split - splits the workload of a scan thread into two threads

.sql - scans for vulnerable MySQL servers and attempts to make them download and run URL

.pma - scans for vulnerable phpMyAdmin and attempts to make them download and run URL

.sleep - makes the bot sleep for the given time

.sel - ???

.esel - skip next part if locale is not X

.vsel - skip next part if version is not X

.gsel - ???
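
For anyone who wants to check their own router's traffic against that command list, here is a small detection sketch. It is an added example, not code from Dronebl or from the botnet itself. It assumes the control traffic is visible as plaintext IRC `PRIVMSG` lines (the channel commands above suggest IRC); the sample lines, nicknames, channel names and command arguments are constructed for illustration.

```python
import re

# Command vocabulary from the list above, grouped by what a defender cares about.
COMMANDS = {
    "control": {"mode", "login", "logout", "exit", "sh", "tlist", "kill", "killall",
                "silent", "getip", "sleep", "sel", "esel", "vsel", "gsel"},
    "flood": {"visit"},
    "propagation": {"scan", "rscan", "lscan", "lrscan", "split", "sql", "pma"},
}
CATEGORY = {cmd: cat for cat, cmds in COMMANDS.items() for cmd in cmds}

# IRC channel message: ":nick!user@host PRIVMSG #channel :text"
PRIVMSG = re.compile(r"^:(?P<src>\S+) PRIVMSG (?P<chan>[#&]\S+) :(?P<text>.*)$")
# The message must START with ".word" followed by whitespace or end of line.
DOT_CMD = re.compile(r"^\.(?P<cmd>[a-z]+)(?:\s|$)")

def classify(line):
    """Return (channel, command, category) if the line carries a listed command."""
    m = PRIVMSG.match(line.strip())
    if not m:
        return None
    c = DOT_CMD.match(m.group("text"))
    if not c or c.group("cmd") not in CATEGORY:
        return None
    return m.group("chan"), c.group("cmd"), CATEGORY[c.group("cmd")]

def suspicious_channels(lines, min_distinct=2):
    """Channels where at least min_distinct different listed commands appeared.

    One hit alone is weak evidence (".sh" can open an ordinary chat line), so a
    channel is only reported once several distinct commands have been seen.
    """
    seen = {}
    for line in lines:
        hit = classify(line)
        if hit:
            chan, cmd, cat = hit
            seen.setdefault(chan, {})[cmd] = cat
    return {chan: cmds for chan, cmds in seen.items() if len(cmds) >= min_distinct}

# Constructed sample traffic (not a real capture); IPs are documentation ranges.
SAMPLE = [
    ":op!u@203.0.113.5 PRIVMSG #ctl :.login examplepass",
    ":op!u@203.0.113.5 PRIVMSG #ctl :.rscan 198.51.100.0/24",
    ":op!u@203.0.113.5 PRIVMSG #ctl :.split",
    ":alice!a@192.0.2.9 PRIVMSG #help :.sh files are in my home dir",
    ":bob!b@192.0.2.7 PRIVMSG #help :see .login in the docs",
]

if __name__ == "__main__":
    for chan, cmds in suspicious_channels(SAMPLE).items():
        print(chan, sorted(cmds.items()))
```

A router on your network that is talking IRC at all is already worth a look; the command match just tells you which family of trouble you are dealing with.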


About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
-- ITProWire is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2009 iEntry, Inc. All Rights Reserved