{"id":331,"date":"2014-02-23T18:37:15","date_gmt":"2014-02-23T18:37:15","guid":{"rendered":"http:\/\/www.ccrepairservices.com\/blog\/?p=331"},"modified":"2014-02-23T18:37:15","modified_gmt":"2014-02-23T18:37:15","slug":"mass-exploit-of-linksys-routers","status":"publish","type":"post","link":"https:\/\/www.ccrepairservices.com\/blog\/computer-news\/mass-exploit-of-linksys-routers\/","title":{"rendered":"Mass Exploit of Linksys Routers"},"content":{"rendered":"<p>It has been revealed that a vulnerability in possibly 23 different models of Linksys (Belkin) routers has been exploited by a worm known as <a title=\"External link\" href=\"https:\/\/isc.sans.edu\/forums\/diary\/Linksys+Worm+TheMoon+Summary+What+we+know+so+far\/17633\" rel=\"nofollow external\">The Moon<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<p>The exploit was first noticed about a week ago and reported by the <a title=\"External link\" href=\"https:\/\/isc.sans.edu\/forums\/diary\/Suspected+Mass+Exploit+Against+Linksys+E1000+E1200+Routers\/17621\" rel=\"nofollow external\">Internet Storm Center<\/a>. The Worm bypasses authentication on the router to take control. <a title=\"External link\" href=\"https:\/\/kb.linksys.com\/Linksys\/ukp.aspx?pid=80&amp;app=vw&amp;vw=1&amp;login=1&amp;json=1&amp;docid=56b6de2449fd497bb8d1354860f50b76_How_to_prevent_getting_The_Moon_malware.xml\" rel=\"nofollow external\">Linksys state<\/a> that &#8220;the router starts flooding the network with ports <b>80 <\/b>and <b>8080 <\/b>outbound traffic, resulting in heavy data activity&#8221;. The worm also attempts to detect any vulnerable systems on the router&#8217;s network for exploitation.<\/p>\n<p>&nbsp;<\/p>\n<p>Current intentions of The Moon are not yet known, however, there is code within the worm which seems to suggest that it may be gathering infected routers into a network of compromised devices through a command and control system.<\/p>\n<p>&nbsp;<\/p>\n<p>Linksys will be issuing a firmware update to fix the vulnerability in the next few weeks. But for now, if you&#8217;re using a Linksys router, you should read the advice given <a title=\"External link\" href=\"https:\/\/kb.linksys.com\/Linksys\/ukp.aspx?pid=80&amp;app=vw&amp;vw=1&amp;login=1&amp;json=1&amp;docid=56b6de2449fd497bb8d1354860f50b76_How_to_prevent_getting_The_Moon_malware.xml\" rel=\"nofollow external\">here<\/a> to disable Remote Access Management.<\/p>\n<p>&nbsp;<\/p>\n<div style=\"text-align: center;\"><span style=\"color: #00ff00;\"><strong>Latest Computer news and virus and malware threats at Complete computer Repair Services<\/strong><\/span>\n<\/div>\n<h2 style=\"text-align: center;\"><span style=\"color: #00ff00;\"><a href=\"https:\/\/www.ccrepairservices.com\/\"><span style=\"color: #00ff00;\">www.ccrepairservices.com<\/span><\/a><\/span><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>It has been revealed that a vulnerability in possibly 23 different models of Linksys (Belkin) routers has been exploited by a worm known as The Moon. &nbsp; The exploit was first noticed about a week ago and reported by the Internet Storm Center. The Worm bypasses authentication on the router to take control. Linksys state that &#8220;the router starts flooding the network with ports 80 and 8080 outbound traffic, resulting in heavy data activity&#8221;. The worm also attempts to detect any vulnerable systems on the router&#8217;s network for exploitation. &nbsp; Current intentions of The Moon are not yet known, however, there is code within the worm which seems to suggest that it may be gathering infected routers into a network of compromised devices through a command and control system. &nbsp; Linksys will be issuing a firmware update to fix the vulnerability in the next few weeks. But for now, if you&#8217;re using a Linksys router, you should read the advice given here to disable Remote Access Management. &nbsp; Latest Computer news and virus and malware threats at Complete computer Repair Services www.ccrepairservices.com<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[484,337,471,480,103,19,473,472,477,32,104,486,478,33,261,10,86,482,481,487,488,474,485,483,479],"class_list":["post-331","post","type-post","status-publish","format-standard","hentry","category-computer-news","tag-admin","tag-boca-raton","tag-broward","tag-cisco","tag-computer-news-2","tag-computer-repair","tag-county","tag-dade","tag-exploit","tag-fort-lauderdale","tag-hacker","tag-latest-news","tag-linksys","tag-miami","tag-miami-beach","tag-new-virus","tag-news","tag-patch","tag-router","tag-router-repair","tag-router-upgrade","tag-south-florida","tag-up-to-date","tag-update","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts\/331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/comments?post=331"}],"version-history":[{"count":1,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts\/331\/revisions"}],"predecessor-version":[{"id":332,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/posts\/331\/revisions\/332"}],"wp:attachment":[{"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/media?parent=331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/categories?post=331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ccrepairservices.com\/blog\/wp-json\/wp\/v2\/tags?post=331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}