Chuck Norris is not a Linux virus

Can Linux-based network routers get it? Yes. Is it malware like Windows' viruses and worms? No.

Get a grip people. A recent story about the so-called Chuck Norris botnet implies that it breaks Linux's security. Wrong.

Windows malware, whether it comes in the form of a Trojan, virus, or worm, works by exploiting security holes in either the operating system itself or an application like Adobe Reader or Internet Explorer. Whatever the bug or the method it uses to arrive on a Windows PC, the fundamental way it uses to exploit the system is that Windows itself is inherently insecure.

While Chuck Norris runs on Linux-based DSL modems and routers, it doesn't actually attack Linux at all. Instead, it runs as a normal Linux application. So how does it get there if it doesn't try to crack Linux? It infects routers by trying common and default passwords. That's it. That's all there is to it.

To blame Linux because someone is so dumb as to not change the default password is kind of like blaming Honda or Ford for their car anti-thief systems for not preventing your car from being stolen if you left the doors unlocked and the key in the ignition. At some point, the user has to take responsibility for basic security and this most recent assault on modems and routers is a perfect example.

How do you prevent this from happening to you in the first place? Look up how to change your device's password and give it a new one that's not mindlessly simple to guess. And, how do you get rid of it if you already have it? Reboot the device. Don't know how to do that? Try pulling the plug and then putting it back in. Mission accomplished.

Linux has security problems. This isn't one of them. This is a network security for dummies problem.

Any time you get a device that uses a password -- DSL modem, cable modem, router, whatever -- the first thing you should do after making sure it works is to change the default password to something that combines letters and numbers and isn't easy to guess. That alone will stop Chuck Norris faster than Bruce Lee did in Way of the Dragon and 99% of all other common router password attacks.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies