Submission: Lizard Stresser DDoS-for-Hire Service Built on Hacked Home Routers (krebsonsecurity.com)
tsu doh nimh writes: The online attack service launched late last year by the same criminals who knocked Sony and Microsoft's gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, reports Brian Krebs. From the story: "The malicious code that converts vulnerable systems into stresser bots is a variation on a piece of rather crude malware first documented in November by Russian security firm Dr. Web, but the malware itself appears to date back to early 2014. As we can see in that writeup, in addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as 'admin/admin,' or 'root/12345'. In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials."
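An added example, not from the story or the Dr. Web writeup: the spreading behaviour described above appears in flow logs as one source contacting many distinct hosts on telnet (TCP 23) within a short time. The log format, thresholds and addresses below are assumptions constructed for illustration.

```python
from collections import defaultdict

TELNET_PORT = 23

# Constructed sample flow records: epoch_seconds src_ip dst_ip dst_port proto
SAMPLE_FLOWS = """\
1000 192.0.2.1 203.0.113.10 23 tcp
1002 192.0.2.1 203.0.113.11 23 tcp
1003 192.0.2.50 198.51.100.7 443 tcp
1004 192.0.2.1 203.0.113.12 23 tcp
1007 192.0.2.1 203.0.113.13 23 tcp
1009 192.0.2.1 203.0.113.14 23 tcp
1010 192.0.2.20 198.51.100.9 23 tcp
1500 192.0.2.20 198.51.100.9 23 tcp
malformed line here
"""

def parse_flows(text):
    """Yield (ts, src, dst, port, proto); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3]), parts[4].lower()
        except ValueError:
            continue

def find_telnet_scanners(text, min_targets=5, window=60):
    """Return {src: peak distinct telnet destinations in any `window` seconds}
    for sources whose peak reaches `min_targets`."""
    by_src = defaultdict(list)
    for ts, src, dst, port, proto in parse_flows(text):
        if proto == "tcp" and port == TELNET_PORT:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for src, peak in find_telnet_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {peak} distinct telnet targets within 60s")
```

A host that repeatedly opens telnet to the same single destination (192.0.2.20 in the sample) is not flagged; only fan-out to many distinct destinations is.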
Defaults (Score:2)
ISPs need to do active scanning, and if they get key replies from their clients, cut them off. The only sites they can reach are a default warning explaining how to clean their systems and change default passwords and a download page of malware cleaners and free antivirus choices.
Of course, to work this would have to be a worldwide standard.
Re: (Score:2)
This is a bad idea.
1) This would teach users that when they are redirected to a page that offers malware cleaners and antivirus choices, they should download and install one. Most such pages are frauds, and the user won't understand the difference between the ISP sending them to the page and a banner ad or phishing email sending them to a similar-looking page.
2) Given the way that ISPs are actually run, encouraging ISPs to detect malware will lead to ISPs just detecting and banning all sorts of unusual act