March 21, 2019

How to Detect and Prevent Psyb0t, the Linux Router Worm - page 2

How Worms Crawl Into Routers

  • April 12, 2009
  • By Eric Geier

As mentioned earlier, a piece of software a router's firmware uses can also make it susceptible to worms. Keeping routers loaded with the most current firmware releases can help prevent this vulnerability. Router manufacturers and firmware-replacement projects periodically release these firmware updates to patch known security holes and bugs.

To upgrade the firmware, download the new image from the vendor's Website. Then log into the router's Web-based configuration utility from a wired connection and go to the Admin, Misc, or System section. From there, select the new firmware image and upload it.

Ridding your router from a worm

The preventative measures we discussed should keep our routers safe from worms. Remember, don't enable remote access unless it is really needed. If it is necessary, use long, mixed character and case passwords via HTTPS or SSH, and think about using non-default ports and enabling any inbound filter.

If a router does become infected, strange things might happen. For example it has been reported that the Psyb0t worm blocks ports 22 (SSH), 23, and 80 (Web) on the router. Thus, routers that seem to block these ports out of nowhere may be infected with the worm.

Getting rid of the worm, however, likely only requires a power cycle. Simply unplugging the router for a couple of seconds should do the trick. If problems persist, resetting it back to factory defaults should definitely clear out the bug. Hold the reset button on the back of the router in for up to 30 seconds. Once the worm is out, be sure to follow the tips in this tutorial.

Eric Geier is the author of many networking and computing books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft� Windows Vista (Que 2007).

Article courtesy of Wi-Fi Planet

Most Popular LinuxPlanet Stories