Linksys is preparing a fix for the software on several of its routers to prevent infection by a worm. The fix should arrive in the coming weeks. According to the router manufacturer, the risk the malware poses to consumers is limited.
The fix is due on the Linksys site in the ‘coming weeks’, Linksys owner Belkin says in a statement to Tweakers about the malware discovered this week. The worm, called TheMoon, exploits a vulnerability in the ‘Remote Management’ feature of the routers. The vulnerability is in the E2500, E1000, E1200.
Belkin expects the malware to affect few consumers. “Consumers are only at risk if they have checked ‘Remote Management’ in the firmware. That is unchecked by default,” a spokesperson told Tweakers. Users who do use the feature can prevent infection by the worm by disabling Remote Management and rebooting.
What exactly the malware does is unclear, except that it automatically spreads to other Linksys routers. Once installed, the worm searches certain netblocks for vulnerable routers. The scans focus on ports 80 and 8080, after which a POST request is sent to the vulnerable routers that lets the attacker’s own code run. It is unclear how that works.
After infection, a second file is downloaded, which probably contains additional code. In addition, the worm appears to connect to a command-and-control server: the second binary contains a number of hostnames.