The Darkside of “TheMoon” Is Your Linksys Router

Posted by on Feb 19, 2014 in Blog, Security | 0 comments

The Darkside of “TheMoon” Is Your Linksys Router

Security firms have been watching and following a new worm named "TheMoon", and have found that it's bad. How bad? Most Malware, virus, worms, etc are wrote to attack computers, however, this one is specifically wrote to attack older Linksys home routers. In short what it does is scan networks via webpages using the router's built in software for remote management. If the worm finds and can execute its scripts on the router, the router, and any other devices connected to the same network are at severe security risk. It is still unclear what happens after being compromised, but its suspected the router becomes part of a botnet for later use. So far the following Linksys Router models have been identified as vulnerable: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900, E300, WAG320N, WAP300N, WAP610N, WES610N, WET610N, WRT610N, WRT600N, WRT400N, WRT320N, WRT160N and WRT150N. However, this list might not be accurate or complete. Currently, Belkin, the parent company of Linksys is working on a firmware upgrade to fix the flaw. 

How to protect your router. Go into your routers setting via a browser using admin access. Look in the setting for "Remote Management Access" or similarly worded text and verify that it is turned OFF. By default most routers will have this already turned off, but for security sakes, it should be checked. In addition it is recommended you should also enable Filter Anonymous Internet Requests, which you can find under the Administration-Security tabs.

To read more about this you can visit the official blog of Linksys here. In addition it is recommended to check and upgrade your router to the latest firmware version.

If you have further question or need help to determine if you are at risk, feel free to contact us via this post, service@maxmtechnology.com or by phone (806)553-0832.

Leave a Reply