Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Tuesday, June 17, 2008

Malware Attacking Your Router

WinPatrol was one of the first to detect malware based on the “behavior” of a program and continues to follow that model. One behavior we’ve seen a lot of lately is very scary.

Instead of installing malware that continues to run, like a key logger or trojan, malicious programs are increasingly attacking the network router, which is common to any internet-connected home and/or office. An unwanted program can quickly make a change to your router settings that will immediately open all your computers to the world. The bad guys won’t have to install a key logger; they’ll be able to record every byte that goes across your network. It’s happening now to thousands of routers which are still using their default name and password.

Do you know if the password has been changed since your router was purchased?
Do you know how to access your router to change the password?

I’ve run across a number of users who follow all the recommendations to configure their networks for WEP or WPA2 encryption but they never bother to change their default name/password. They’ll even take the time to rename their default SSID but still don’t change the name/password from the factory setting.


It probably won’t surprise you that the factory passwords don’t change much and are widely available. The WinPatrol research group dissected some recent malware threats and could see the routers they were attacking.

  • Linksys uses “admin” as the name and password. Older units use a blank user name.
  • Belkin uses a blank password for default access.
  • Netgear: the user name is “admin” and the default password is “password”. Big improvement over their old default “1234”.
  • ActionTec: some units don't even require an admin login. New devices use "admin" and "password". (updated)

You get the idea. The program recently submitted to our research team had a list of 28 different routers, complete with address, name and password, clear for anyone to read with the proper tools.

As a security professional I’m reading more and more about vulnerabilities being found in wireless and non-wireless routers. There’s only so much we all can do but the first thing should be to change the default password.


If you don’t know how to access your router, just use your favorite search engine and type in your router name and “change default password”.

