Thread: psybot infections

  1. #1
    JC
    Guest

    psybot infections

    I have been receiving a number of TCP hits coming in all
    attacking port 23. My ISP emailed me a couple of days ago to
    tell me that they thought that the origin of the hits was psybot
    which infects modems and routers.

    The link below gives some details about the bot:-
    http://apcmag.com/new-worm-can-infec...demrouters.htm

    The bot infects various modems/routers which makes it impossible
    to detect using virus/trojan scans on your PC.

    How do you detect if your modem or router is infected? The
    only way I can think of would be to have a sniffer sitting on the
    network side of the modem checking all outgoing traffic.
    --

    Cheers . . . JC

  2. #2
    Moe Trin
    Guest

    Re: psybot infections

    On Sun, 29 Mar 2009, in the Usenet newsgroup comp.security.firewalls, in article
    <gimts4pvr0k53g5qnss2ataqj18fmmjhr9@4ax.com>, JC wrote:

    >I have been receiving a number of TCP hits coming in all
    >attacking port 23. My ISP emailed me a couple of days ago to
    >tell me that they thought that the origin of the hits was psybot
    >which infects modems and routers.


    Can't say that I've seen any, but I haven't had anything listening
    on port 23 for perhaps ten years. Telnet (RFC0854 from May 1983)
    isn't exactly known as a secure application.

    >The link below gives some details about the bot:-


    A list of 6000 usernames and 13,000 passwords were also included, to
    be used for brute force entry to Telnet and SSH logins which are open
    to the LAN and sometimes even the public WAN side of the routers.

    Shades of the W32/Deloder from March 2003. Idiots will always be
    idiots, and refuse to learn from the past. Default, or terribly
    easy passwords on an interface wide open to the world. LAN side
    only access makes it harder on the bad guy - they've got to 0wn3 the
    computer behind the router in order to access it. Want to guess how
    hard that is?

    >The bot infects various modems/routers which makes it impossible
    >to detect using virus/trojan scans on your PC.


    Yeah - you have to think instead. Like trying to connect to port 22
    or 23 on the Internet address (not the 192.168.1.1 side where it is
    less vulnerable) of your modem/router. Hell, you could even use one
    of the many Internet port scanning services.

    >How do you detect if your modem or router is infected? The
    >only way I can think of would be to have a sniffer sitting on the
    >network side of the modem checking all outgoing traffic.


    Why not change the password on the modem/router to something more
    secure, and disable Internet side access to that port?

    Old guy
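
Added example, not part of the post above or of the original thread: a small Python check for the test the post describes, connecting to ports 22 and 23 on your own router's Internet-side address and reporting whether anything answers. The function names and the open/closed/filtered labels are this example's own choices.

```python
import socket
import sys

TELNET_IAC = 0xFF  # first byte of Telnet option negotiation (RFC 854)

def probe(host, port, timeout=3.0):
    """Try one TCP connect; return (state, first_bytes)."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", b""          # host answered with a reset
    except OSError:
        return "filtered", b""        # timeout, unreachable or unresolvable
    with conn:
        try:
            banner = conn.recv(64)    # Telnet and SSH servers speak first
        except OSError:
            banner = b""              # connected, but silent within timeout
    return "open", banner

def service_hint(banner):
    """Guess what answered from the first bytes it sent."""
    if banner[:1] == bytes([TELNET_IAC]):
        return "telnet"
    if banner.startswith(b"SSH-"):
        return "ssh"
    return "unknown"

def audit(host, ports=(22, 23), timeout=3.0):
    """Map each port to (state, hint); hint is None unless the port is open."""
    results = {}
    for port in ports:
        state, banner = probe(host, port, timeout)
        results[port] = (state, service_hint(banner) if state == "open" else None)
    return results

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python wan_check.py <your router's public address>")
    for port, (state, hint) in audit(sys.argv[1]).items():
        note = f" ({hint} answered on the Internet side)" if hint else ""
        print(f"{port}/tcp {state}{note}")
```

Run it from a connection outside your own LAN, because a router may treat a connection to its public address from the inside as LAN-side access. Any port reported as open is the exposure the post says to disable.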

  3. #3
    1PW
    Guest

    Re: psybot infections

    On 03/28/2009 07:26 PM, JC sent:
    > I have been receiving a number of TCP hits coming in all
    > attacking port 23. My ISP emailed me a couple of days ago to
    > tell me that they thought that the origin of the hits was psybot
    > which infects modems and routers.
    >
    > The link below gives some details about the bot:-
    > http://apcmag.com/new-worm-can-infec...demrouters.htm
    >
    > The bot infects various modems/routers which makes it impossible
    > to detect using virus/trojan scans on your PC.
    >
    > How do you detect if your modem or router is infected? The
    > only way I can think of would be to have a sniffer sitting on the
    > network side of the modem checking all outgoing traffic.


    Hello JC:

    If your undisclosed equipment lacks telnet based administrative
    capability, you have little to fear. As in all cases, the best defense
    for this attack is a very strong administrative password and up-to-date
    firmware.

    Sheesh! Zlob fades & here comes another...

    <http://www.linux-magazine.com/online/news/psyb0t_attacks_linux_routers_update>

    Pete
    --
    1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
