
NEWS FLASH: Millions of routers allegedly backdoored with malware that can’t be removed

The Mirai malware has been all over the news for quite some time. One of the hackers responsible for the Mirai attacks has claimed that they have infected millions of routers with modified malicious firmware which cannot be removed, so that the only solution is to trash the router.

Gamers pay close attention to their internet connections and expect them to be fast and reliable. However, certain routers built on the Intel Puma 6 chipset cause sudden latency spikes, lag and packet loss. In layman’s terms, this delay ends up costing gamers their gaming performance. Although some or most gamers have always blamed lag for losing or dying in a game, Intel has acknowledged that this chipset has a flaw.

Some of the devices that use the said chipset are Arris, Linksys and Cisco routers, as well as some which ISPs charge you for, such as Comcast’s Xfinity and Virgin Media’s Superhub 3. Arris is a common brand used by ISPs, and Intel has been working on new firmware to fix the issue.

Yes. You read it right. A firmware fix is being developed.

Lag can definitely ruin a game and can cause streaming and VoIP issues. However, one of the hackers responsible for the Mirai malware claims that they have pwned a couple of million routers; he stated that these routers cannot be fixed by a simple firmware update.

Most people are advised that turning off the router clears it of malware. Even though the malware is not in memory at that moment, once the router is powered back on it might get infected again and continue to participate in more DDoS attacks, because tons of other infected devices are constantly hunting for devices that can be exploited and recruited into the attack.

A hacker named “BestBuy” has demonstrated this by setting up a server that automatically exploits router flaws and infects the routers with malicious firmware that cannot be removed. He is one of the hackers allegedly responsible for the massive IoT-powered attacks last October. He is also the same person who apologized for knocking Deutsche Telekom customers offline after Mirai was modified; that modified Mirai is now part of a zombie army that permanently infects routers.

    “They are ours, even after reboot. They will not accept any new firmware from [Internet Service Provider] or anyone, and connect back to us every time :). Bots that cannot die until u throw device into the trash.”

It is important to note that BestBuy’s claims are unverified as no one has yet found one of his permanently backdoored routers in the wild.

Nevertheless, hacker “BestBuy” attempted to “prove” his claims are real.

He showed Lorenzo Franceschi-Bicchierai live stats of what appeared to be an Access Control Server being used to push out the malicious firmware. Within a few hours, the number of “accessed” devices grew from 500,000 to 1.3 million.

Then, he shared login credentials to show “a long list of allegedly infected routers, with their model name and unique ID.”

Security experts weighed in on the plausibility of his claims and concluded that it is possible, as long as the hackers didn’t make errors when creating the malicious firmware for such a huge array of router models.

It is alarming that they have done a lot of tweaking of the routers’ firmware and pushed the changes to tons of exploitable devices.

There is an online movement that hacks back “for good” on volatile subjects. If the claims of the hacker known as “BestBuy” are true, there is hope that more “malware for good” will be released into the wild.

More than a year ago a hacking group named “White Team” claimed to have developed Linux.Wifatch. This is a type of white hat malware that infected tens of thousands of devices in order to improve device security. Once an IoT device with weak credentials had been infected, it was scanned for known malware; in turn, the device was also security hardened to prevent further malicious infection.

Although nobody wants their routers compromised, the upside is that this “vigilante malware” was used to help people. Even though it employed the same tactics as the bad malware, I wouldn’t mind the good malware coming into the router and protecting it, and hopefully it can counteract the botnet’s firmware that allegedly cannot be removed.

As of this writing, Intel Global Communications wants to make sure you don’t think the latency issue from Intel’s Puma chipset is related to the malware-infected router problem. The chipset causing lag is a big problem of its own. Its spokesperson also says the fix “is being deployed.” Hopefully it won’t take months to roll out via ISPs.
