Chuck Norris botnet karate-chops routers hard

New botnet infects Linux-based routers and DSL modems
Insert Chuck Norris joke here

Insert Chuck Norris joke here

If you haven't changed the default password on your home router, you may be in for an unwanted visit from Chuck Norris -- the Chuck Norris botnet, that is.

Discovered by Czech researchers, the botnet has been spreading by taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic.

The malware got the Chuck Norris moniker from a programmer's Italian comment in its source code: "in nome di Chuck Norris," which means "in the name of Chuck Norris." Norris is a U.S. actor best known for his martial arts films such as "The Way of the Dragon" and "Missing in Action."

Security experts say that various types of botnets have infected millions of computers worldwide to date, but Chuck Norris is unusual in that it infects DSL modems and routers rather than PCs.

It installs itself on routers and modems by guessing default administrative passwords and taking advantage of the fact that many devices are configured to allow remote access. It also exploits a known vulnerability in D-Link Systems devices, Vykopal said in an e-mail interview.

A D-Link spokesman said he was not aware of the botnet, and the company did not immediately have any comment on the issue.

Like an earlier router-infecting botnet called Psyb0t, Chuck Norris can infect an MIPS-based device running the Linux operating system if its administration interface has a weak username and password, he said. This MIPS/Linux combination is widely used in routers and DSL modems, but the botnet also attacks satellite TV receivers.

Vykopal doesn't know how big the Chuck Norris botnet is, but says he has evidence that the hacked machines "are spread around the world: from South America through Europe to Asia. The botnet aims at many networks of ISP [Internet service provider] and telco operators," he said.

Right now Chuck Norris-infected machines can be used to attack other systems on the Internet, in what are known as distributed denial of service attacks. The botnet can launch a password-guessing dictionary attack on another computer, and it can also change the DNS (Domain Name System) settings in the router. With this attack, victims on the router's network who think they are connecting to Facebook or Google end up redirected to a malicious Web page that then tries to install a virus on their computers.

Once installed in the router's memory, the bot blocks remote communication ports and begins to scan the network for other vulnerable machines. It is controlled via IRC.

Because the Chuck Norris botnet lives in the router's RAM, it can be removed with a restart.

Users who don't want to be infected can mitigate the risk -- the simplest way of doing this is by using a strong password on the router or modem. Users can also address the problem by keeping their firmware up-to-date and by disabling remote-access services.

In recent years, hackers have started looking at devices such as routers, which are often not properly secured, Vykopal said. "They are not regularly patched and updated, even though the patches are available." The devices "are also continuously connected to the Internet and they are up for days and months," he said.

In the future, he expects that even more malware will target these devices.

Despite their rarity, router-based botnets are not particularly hard to create, said Dancho Danchev, an independent cyber threats analyst, speaking via instant message. "Router-based botnets are not rocket science given a common flaw can be exploited, and every then and now [one] appears."

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Topics: Chuck Norris, botnet, Czech Republic, D-Link, malware

Comments

Anonymous

1

This is why...

people should need licenses before using computers.

Idiot governments, though, would probably make Windows-only tests.

Anonymous

2

...you're an idiot.

This is of course directed at the post just before mine. It would be a terrible idea for people to be required to have a license to use the internet. This would exacerbate the already rampant problem of identity theft. If you needed a valid ID to use the internet, those who want to do malicious things will keep doing it, but they will be using your friends and families identities to do it. The attackers will use your ID, and throw it away, and the feds will be knocking at your door for something that was done on the other side of the world. "But sir, I don't even know what a command prompt is!" - "Don't play dumb with us, old woman - We know you were in China last night hacking into the pentagon. It's all over."

Think before you type.
ad0nis

Anonymous

3

You got it wrong!

Instead of "karate-chops", use "roundhouse kicks"!

Anonymous

4

Chuck Norris can lead a horse to water.... and Make Him drink!

Anonymous

5

i'm not so sure you aren't

you are quite arrogant. Give the guy a chance to explain his side.

Anonymous

6

heh

read this while I had itunes open.. I checked and what do you know there's a app for that http://itunes.apple.com/us/app/default-logins/id348570963?mt=8 how silly

Anonymous

7

:_)))))))))))))))

...Vykopal doesn't know how big the Chuck Norris botnet is, but says he has evidence that the hacked machines "are spread around the world: from South America through Europe to Asia. The botnet aims at many networks of ISP [Internet service provider] and telco operators," he said...

LOOOOOOOOOOOOL

Vyke

8

You don't need to know how big a botnet is in order to determine its geographical coverage. Coverage is determined by sampling a couple thousand random IPs throughout the world, amount is determined by sampling *all of them*.

So yeah, we can know how wide-spread it is without having to know the numbers.

acai

9

Chuck Norris

Thanks for sharing this interesting article.

Jet Li

10

That'll learn you all!

That'll learn you all!

thomas

11

chuck noriis can slam a revolving door!

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?