It has been revealed that a vulnerability in possibly 23 different models of Linksys (Belkin) routers has been exploited by a worm known as The Moon.
The exploit was first noticed about a week ago and reported by the Internet Storm Center. The Worm bypasses authentication on the router to take control. Linksys state that “the router starts flooding the network with ports 80 and 8080 outbound traffic, resulting in heavy data activity”. The worm also attempts to detect any vulnerable systems on the router’s network for exploitation.
Current intentions of The Moon are not yet known, however, there is code within the worm which seems to suggest that it may be gathering infected routers into a network of compromised devices through a command and control system.
Linksys will be issuing a firmware update to fix the vulnerability in the next few weeks. But for now, if you’re using a Linksys router, you should read the advice given here to disable Remote Access Management.
