Malware Attacking Your Router
WinPatrol was one of the first to detect malware based on the “behavior” of programs and continues to follow that model. One behavior we’ve seen a lot of lately is very scary.
Do you know if the password has been changed since your router was purchased?
Do you know how to access your router to change the password?
I’ve run across a number of users who follow all the recommendations to configure their networks for WEP or WPA2 encryption but they never bother to change their default name/password. They’ll even take the time to rename their default SSID but still don’t change the name/password from the factory setting.
It probably won’t surprise you that the factory passwords don’t change much and are widely available. The WinPatrol research group dissected some recent malware threats and could see the routers they were attacking.
- Linksys uses “admin” as both the user name and password. Older units use a blank user name.
- Belkin uses a blank password for default access.
- Netgear uses the user name “admin” and the default password “password”. Big improvement over their old default, “1234”.
- ActionTec: some units don't even require an admin login. New devices use "admin" and "password". (updated)
As a security professional I’m reading more and more about vulnerabilities being found in wireless and non-wireless routers. There’s only so much we all can do but the first thing should be to change the default password.
If you don’t know how to access your router, just use your favorite search engine and type in your router name and “change default password”.