The SANS Institute’s Internet Storm Center discovered a worm that affects older Linksys wireless routers after receiving multiple complaints from owners. The ISC, as it is called, published a write up about what it had discovered about the worm called TheMoon, as well as possible models at risk. Linksys has followed up the notification with a confirmation of the issue.
The malware takes advantage of a vulnerability by exploiting routers that have Remote Management Access turned on — something that is turned off by default, meaning only those who have turned it on are at risk. The administrator authentication is bypassed and the worm connects to port 8080, after which point it starts wrecking its havoc.
The worm is known to affect router models E1000 and E1200, but could also potentially affect E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, and E900. Those who have one of these models are encouraged to make sure the Remote Management Access feature is disabled until a fix is out.
Said a statement from Linksys, in part, “Linksys is aware of the malware called “The Moon” that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers … [and] will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”
SOURCE: Maximum PC