Update on the Linksys Router Worm, a Fix, and Further Actions

Update on the Linksys Router Worm, a Fix, and Further Actions

On Friday, I alerted you to a security problem with the E-Series and Wireless-N Linksys routers. A piece of malware dubbed “The Moon” has been developed to explicitly target the Linksys router models. The malware is a self-replicating worm that breaks into the router, downloads and executes code, and then turns the router into a bot that seeks out other victims.

Since the story broke, I’ve been contacted by a representative from Belkin (owner of the Linksys brand) with clarification on the issue including how to temporarily repair the router and when to expect a permanent fix. I wanted to get this out for you all as soon as I received it, as I know many are concerned about the risk.

Here’s what Belkin had to say…

“Linksys is aware of the malware called “The Moon” that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers.  The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled.  Linksys ships these products with the Remote Management Access feature turned off by default.  Customers who have not enabled the Remote Management Access feature are not susceptible to this specific malware.  Customers who have enabled the Remote Management Access feature can prevent further vulnerability to their network, by disabling the Remote Management Access feature and rebooting their router to remove the installed malware.  Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”

Stay tuned for more information as we receive it.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish