Linksys Router Worm "Cisco Moon Worm"... Get your routers checked!

Posted by Ian Bengson on Thu, Feb 20, 2014

This article is important reading if you have one of the home/small business routers sold by Cisco under the Linksys brand name. Be careful if you have enabled remote administration on port 8080 (even with a strong password), because there's a worm out there exploiting an authentication bug in the Cisco firmware that:

 - Lets it rewrite the firmware to infect the router, and then
 - Sets the router to scan zillions of other IP addresses looking for other systems to infect.

As with the SQL Slammer worm that was around in January 2003, the effect of this worm isn't so much to steal your information -- as far as we know -- but instead to have an extreme effect on the speed of your Internet access and to help slow down the Internet as a whole. That's not surprising, seeing as there is an abundance of Linksys routers on the Internet. With that being said, it is highly suggested that all of us IT professionals be helpful citizens and check out not just our own Linksys routers, but those of the non-techies we know as well.

The main remedies are:

 - Disable remote management.
 - Make sure you've got the latest firmware.

You can read more about it by searching the web for "Cisco Moon Worm." The story behind this worm is changing quickly as the SANS researchers find more information about it, but a search on the web will give you some current info.
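Alongside the remedies above, an already-infected router can be spotted by the scanning behaviour described earlier: one source contacting many different addresses in a short time. The following is an added example, not code from this article or from Cisco. The log format, the thresholds and the choice of port 8080 as the scanned port are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed log format (an assumption, not a real product's output):
#   <ISO timestamp> SRC=<ip> DST=<ip> DPT=<port>
# Lines are assumed to arrive in time order.
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")


def find_scanners(lines, port=8080, min_targets=20, window_s=60):
    """Return {source_ip: peak distinct destinations} for sources that contacted
    at least min_targets different hosts on `port` within any window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)                     # src -> (timestamp, dst) in window
    counts = defaultdict(lambda: defaultdict(int))  # src -> dst -> hits in window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(4)) != port:
            continue  # skip malformed lines and other ports
        ts, src, dst = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        q, c = recent[src], counts[src]
        q.append((ts, dst))
        c[dst] += 1
        # Drop events that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[src] = max(peak[src], len(c))
    return {src: n for src, n in peak.items() if n >= min_targets}


def sample_log():
    """Constructed sample: a router sweeping 30 addresses, and a normal client."""
    base = datetime(2014, 2, 20, 10, 0, 0)
    lines = [f"{(base + timedelta(seconds=i)).isoformat()} SRC=192.0.2.1 "
             f"DST=198.51.100.{i + 1} DPT=8080" for i in range(30)]
    # One client repeatedly talking to the same host on 8080 is not a sweep.
    lines += [f"{(base + timedelta(seconds=i)).isoformat()} SRC=192.0.2.50 "
              f"DST=203.0.113.7 DPT=8080" for i in range(30)]
    lines.append("garbage line that the parser must ignore")
    return lines


if __name__ == "__main__":
    for src, n in find_scanners(sample_log()).items():
        print(f"{src} contacted {n} distinct hosts on port 8080 within 60s")
```

Counting distinct destinations rather than raw connections keeps a busy client that talks to one server from being flagged.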
