Botnet pwns 100,000 routers using ancient security flaw

From nakedsecurity.sophos.com

Researchers have stumbled on another large botnet that’s been quietly hijacking home routers while nobody was paying attention.

This one’s been named BCMUPnP_Hunter by discoverers Qihoo 360 Netlab, which says it’s infected at least 100,000 routers in the US, India and China since September.

The BCM part of that name refers to a security flaw affecting a Broadcom router software interface that was first made public in February 2013 by DefenseCode.

The UPnP, of course, is Universal Plug and Play, a longstanding and widely abused networking protocol designed to make it easy for devices to talk to one another without the need for complicated configuration.

We’ll skip the sermon about turning that off if you don’t need it (it’s not the only risky router interface that deserves this treatment, after all), and merely note that Qihoo’s use of ‘Hunter’ at the tail end of this bot’s name is a warning.

BCMUPnP_Hunter feels like a despairing story for at least two reasons, the first being the range of products it affects.