Geeks for your information
Spam Botnet of Over 100K Routers Abuses UPnP - Printable Version

Spam Botnet of Over 100K Routers Abuses UPnP - silversurfer - 08 November 18

Quote: Security researchers have uncovered a major new botnet of over 100,000 compromised machines, made up mainly of home routers with UPnP enabled.

Netlab 360 researchers Hui Wang and ‘RootKiter’ explained in a blog post that the main target is a vulnerability in the UPnP feature from Broadcom, which is widely available: in fact, 116 infected device models were found. These included routers made by D-Link, Linksys, ZTE, TP-Link, Zyxel, Technicolor and many more.

“The interaction between the botnet and the potential target takes multiple steps, it starts with tcp port 5431 destination scan, then moving on to check target’s UDP port 1900 and wait for the target to send the proper vulnerable URL,” they explained.

“After getting the proper URL, it takes another four packet exchanges for the attacker to figure out where the shellcode's execution start address in memory is so a right exploit payload can be crafted and fed to the target.”

Source: https://www.infosecurity-magazine.com/news/spam-botnet-of-over-100k-routers/
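The two-step probe sequence quoted above (a TCP connection attempt to port 5431 on a host, followed by a UDP port 1900 check of the same host) is something a defender can look for in flow logs. The following Python is an added example, not code from the article or from the Netlab 360 researchers; the log format and the flow records are constructed for illustration.

```python
# Added example (not from the article or the Netlab 360 post): flag the probe
# sequence described in the quote, a TCP/5431 connection attempt followed by a
# UDP/1900 probe to the same host from the same source, in constructed flow records.
from datetime import datetime, timedelta

# Constructed sample flow records "timestamp src dst proto dport"; not real traffic.
SAMPLE_FLOWS = """\
2018-11-08T10:00:01Z 203.0.113.5 198.51.100.7 tcp 5431
2018-11-08T10:00:02Z 203.0.113.5 198.51.100.8 tcp 5431
2018-11-08T10:00:04Z 203.0.113.5 198.51.100.7 udp 1900
2018-11-08T10:00:09Z 192.0.2.44 198.51.100.7 udp 1900
2018-11-08T10:05:00Z 198.51.100.9 198.51.100.7 tcp 443
2018-11-08T10:30:00Z 203.0.113.5 198.51.100.8 udp 1900
"""


def parse_flows(text):
    """Parse one record per line into (time, src, dst, proto, dport) tuples."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, proto, dport = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        flows.append((when, src, dst, proto.lower(), int(dport)))
    return flows


def find_upnp_probe_sequences(flows, window_seconds=300):
    """Return (src, dst) pairs where a TCP/5431 attempt was followed, within the
    window, by UDP/1900 to the same destination. A lone UDP/1900 packet (normal
    SSDP discovery) is not flagged by itself, which keeps false positives down."""
    window = timedelta(seconds=window_seconds)
    first_5431 = {}  # (src, dst) -> time of the first TCP/5431 attempt
    hits = []
    for when, src, dst, proto, dport in sorted(flows):
        key = (src, dst)
        if proto == "tcp" and dport == 5431:
            first_5431.setdefault(key, when)
        elif proto == "udp" and dport == 1900 and key in first_5431:
            if when - first_5431[key] <= window and key not in hits:
                hits.append(key)
    return hits


if __name__ == "__main__":
    for src, dst in find_upnp_probe_sequences(parse_flows(SAMPLE_FLOWS)):
        print(f"possible UPnP exploitation attempt: {src} -> {dst}")
```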