Researchers spot router-based botnet worm

Researchers at DroneBL have spotted signs of a stealthy router-based botnet worm [zdnet.com] targeting routers and DSL modems.
The worm, called “psyb0t,” has been circulating since at least January this year, infecting vulnerable embedded Linux devices such as the Netcomm NB5 ADSL modem and launching denial-of-service attacks on some Web sites.
From the article:

Researchers at DroneBL have spotted signs of a stealthy router-based botnet worm [zdnet.com] targeting routers and DSL modems.

The worm, called “psyb0t,” has been circulating since at least January this year, infecting vulnerable embedded Linux devices such as the Netcomm NB5 ADSL modem and launching denial-of-service attacks on some Web sites.

From the article:

The group estimates there are 100,000 hosts infected with this malware.

The author of this worm has some sophisticated programming knowledge, given the nature of this executable.

Action must be taken immediately to stop this worm before it grows much larger.

We came across this botnet as part of an investigation into the DDoS attacks against DroneBL’s infrastructure two weeks ago, and feel that this botnet was the one which flooded DroneBL.

Suggested articles