Rare malware targets routers running Linux

Odds you'll get hit are low, but the impact would be high


There are active communities of DIYers, modders and Linux geeks using the OS to modify routers, PCs and other gear.

Trojans or viruses aimed at those, if they get through malware filters at the edge of the network, would be in an ideal position to collect secure data as it flows through the network, or to act as a backdoor into the core of a corporate network.

Sure, end users do a lot more stupid things than IT people do, and it's a lot more likely a random bit of malware will find fertile ground in Userland than on a Linux box repurposed as a router sitting in a server closet somewhere.

There are a LOT of small, poorly secured D-Link and other home and small-office routers out there running Linux-compatible kernels or OSes, even in big companies.

Routers and switches from D-Link, Netgear, Belkin or other manufacturers do fill-in duty in branch offices and remote business units, or help break up overutilized network connections into sub-sub-sub-networks, cutting down the average headcount on each LAN without spending what it would cost to do the same thing properly from farther up in the network.

Trend Micro also found malware designed to carry out large-scale DNS poisoning attacks by infecting DSL modems and using them, among other vulnerable hardware, as a base.

Odd. Not the risks you normally think about. Definitely worth plugging that particular hole.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.
