Stop the FUD
Take a deep breath and remove the tinfoil hats. As Parax pointed out, Cisco gear is typically owned by large megacorps with IT staff that manages that stuff 24/7 (like I do). Cisco IOS is not subject to "drive-by installs", so you will not get this rootkit by opening an email with naked pics of Anna Kournikova or playing a video file that needs installation of a funky video player you just got from

Updating IOS on Cisco gear is akin to installing a new OS on your PC. It doesn't happen by accident. It can either be done via TFTP or physically via CF flash, and the device needs to be rebooted. TFTP is blocked externally on most corporate WANs, so it can't be done externally. All the firms I have worked at had test labs where any new release of IOS had to be thoroughly tested, then had to receive approvals from IT/business units. If it actually made it through this process it would be deployed on a small number of devices at first and monitored before upgrading the whole backbone. In fact, unless the current IOS has serious bugs or the new IOS offers significant improvements in security or performance, we don't care about new IOS releases. The risk is just too great.
This of course does not take into account the smaller firms that don't block TFTP and have easy-to-guess passwords on their devices. Or how about the way Dave and Buster's got hacked?
The hackers posed as network techs and gained access to the comm rooms where the servers were located to physically install the sniffer software. They were caught because the sniffer software was buggy and would not restart when the machines were rebooted, so the hackers had to keep returning to restart the
Paris because even she could write better sniffer software.
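The change-control process the post describes (only approved IOS images reach production, and whatever runs on the backbone is monitored) can be turned into two mechanical checks. The script below is an added example, not code from the poster or from Cisco: it parses constructed `show version` excerpts to flag any device running an image outside the approved list, and it compares an image file's MD5 against the approved digest before the file is staged for TFTP upload. Hostnames, image filenames and the "golden" image bytes are constructed for the example; in practice the approved digests come from the vendor's download page and the same comparison is what the IOS `verify /md5` command performs on the box.

```python
"""Change-control checks for Cisco IOS images (added example, not from the original post)."""
import hashlib
import hmac
import re

# `show version` prints the running version and the booted image path on
# separate lines; these two patterns pull each out.
VERSION_RE = re.compile(r"Version (?P<ver>[^,\s]+)")
IMAGE_RE = re.compile(r'System image file is "(?P<path>[^"]+)"')

# Constructed stand-ins for vendor-supplied image binaries (hypothetical
# filenames; the byte contents are obviously not real IOS images).
GOLDEN_IMAGES = {
    "c2800nm-advipservicesk9-mz.124-15.T9.bin": b"constructed image bytes A",
    "c3750-ipservicesk9-mz.122-55.SE3.bin": b"constructed image bytes B",
}

# Approved registry: image filename -> MD5 hex digest. Here it is derived from
# the constructed bytes above; in production the digest is copied from the
# vendor's published value, never computed from the file being checked.
APPROVED = {name: hashlib.md5(data).hexdigest() for name, data in GOLDEN_IMAGES.items()}

# Constructed `show version` excerpts for three hypothetical devices.
SAMPLE_SHOW_VERSION = {
    "core-rtr-1": (
        "Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), "
        "Version 12.4(15)T9, RELEASE SOFTWARE (fc2)\n"
        "core-rtr-1 uptime is 41 weeks, 3 days\n"
        'System image file is "flash:c2800nm-advipservicesk9-mz.124-15.T9.bin"\n'
    ),
    "branch-rtr-7": (
        "Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), "
        "Version 12.4(24)T1, RELEASE SOFTWARE (fc1)\n"
        'System image file is "flash:c2800nm-advipservicesk9-mz.124-24.T1.bin"\n'
    ),
    "lab-junk": "connection timed out\n",
}


def parse_show_version(text):
    """Return (version, image filename) from `show version` output, or None."""
    ver = VERSION_RE.search(text)
    img = IMAGE_RE.search(text)
    if not ver or not img:
        return None
    # Strip the filesystem prefix ("flash:", "bootflash:/dir/") to get the bare filename.
    filename = img.group("path").split(":", 1)[-1].rsplit("/", 1)[-1]
    return ver.group("ver"), filename


def audit_devices(outputs):
    """Map hostname -> 'approved', 'unapproved:<image>' or 'unparsed'."""
    result = {}
    for host, text in outputs.items():
        parsed = parse_show_version(text)
        if parsed is None:
            result[host] = "unparsed"
            continue
        _version, filename = parsed
        result[host] = "approved" if filename in APPROVED else f"unapproved:{filename}"
    return result


def image_matches(filename, data):
    """True only if `data` hashes to the approved digest recorded for `filename`."""
    expected = APPROVED.get(filename)
    if expected is None:
        return False  # unknown image: never stage it
    actual = hashlib.md5(data).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for host, status in audit_devices(SAMPLE_SHOW_VERSION).items():
        print(f"{host}: {status}")
    name = "c2800nm-advipservicesk9-mz.124-15.T9.bin"
    print("pristine copy ok:", image_matches(name, GOLDEN_IMAGES[name]))
    print("tampered copy ok:", image_matches(name, GOLDEN_IMAGES[name] + b"x"))
```

Running it against the constructed inventory flags `branch-rtr-7` as running an image that never went through the approval process, and shows that a single appended byte is enough for the staging check to reject a copy of an otherwise approved image.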