A self-replicating worm dubbed “TheMoon” has victimized a number of routers–primarily spreading between Linksys devices.
The worm does not infect computers–only routers, meaning that anti-virus software can’t do anything about it. It also doesn’t matter what kind of operating system you’re running.
The Internet Storm Center recently issued a post about the worm.
“At this point, we are aware of a worm that is spreading among various models of Linksys routers. We do not have a definite list of routers that are vulnerable, but the following routers may be vulnerable depending on firmware version: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900,” it reads.
It says the worm will first connect to port 8080 and might use SSL to request the “/HNAP1/” URL.
“We call this a ‘worm’ at this point, as all it appears to do is spread. This may be a ‘bot’ if there is a functional command and control channel present,” the post reads.
Linksys has said that it is working on a fix for the security vulnerability, and it will be released within a few weeks.
“Linksys is aware of the malware called The Moon that has affected select older Linksys E-series Routers and select older Wireless-N access points and routers. We will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks,” the company said.
The company gave a step-by-step plan to prevent the malware from infecting one’s network, which can be accessed here.