Wireless Routers Vulnerable to Virus Attacks
|March 6, 2014|
Updating computer anti-virus software is a familiar concept for most, but recent reports highlight that other hardware devices may be vulnerable to attacks.
There have been reports recently that some home and small-office wireless routers from Linksys have been attacked by malware. The Linksys models that have reportedly been infected are the E1000, E1200 and E2400.
Router firewalls provide strong protection against online attacks by filtering out incoming traffic that the user behind the firewall did not initiate. However, routers can become susceptible to attack if a user enables the remote administration capability. When enabled, the “Moon” virus can bypass the username and password prompt on affected devices. It’s been reported the virus has infected nearly 1,000 Linksys routers. This number is expected to climb. Linksys said the worm affects only those devices that have the Remote Management Access feature enabled. Linksys said it ships routers with that feature turned off by default. Linksys is working on a fix. Users can block this attack by disabling the router’s remote management feature.
Routers appear to return to their normal state once rebooted. To see if a device is infected, check for heavy outbound scanning on port 80 and 8080 and inbound connection attempts to miscellaneous ports below 1024.
This comes a week after it was discovered in Poland that an ongoing attack was stealing online banking credentials by modifying home routers' domain name system. Once in the router, the virus would redirect the victims' computers, tablets and smartphones to fraudulent websites masquerading as an authentic bank service. The sites would then steal the victims' login credentials.
It’s also been reported that some ASUS routers and any attached storage device may be exposed if users have enabled the remote access features in the routers. ASUS routers affected include RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R.
Enabling any of the “AiCloud” options on the devices—such as “Cloud Disk” and “Smart Access”—creates the vulnerability. ASUS released firmware updates to address this issue. Affected users can go here to find the latest firmware updates and instructions for updating their devices by entering the model name/number of the device.
ALTA’s “Title Insurance and Settlement Company Best Practices” provides guidelines on protecting non-public personal information and appropriate written procedures and controls for escrow trust accounts.