Chuck Norris botnet doesn't infect routers...
A so-called Chuck Norris botnet is hijacking poorly-configured routers and DSL modems. According to ComputerWorld, the botnet spreads by malware that installs itself on routers and modems by guessing the default administrative password and seizing control due to many devices being configured to allow remote access. Masaryk …
Chuck Norris' beard is barbed wire soaked in ox blood and held together by the souls of mortals.
...Underneath his beard is another fist.
I'm going to have to replace the virtual keyboard on my phone now.
'because of a comment in its source code that reads: "in nome di Chuck Norris."'
Really? Where did he get the source code? I didn't realise that malware was now spread in a way that means the victim needs to build it themselves.
Or did he actually /scritto/ it himself ;-)
Hmm. Scientist of black helicopter? Neither, if systems are now sharing source code including comments, then this must be RotM.
"Chuck Norris can be removed by restarting the device."
We all know that Chuck Norris can never be removed unless he wants to be - anyone who tries gets round-house kicked into submission.
Eh ? What are those ? Are they different from the ports I have on my PC ? Is the HTTP port (80) a "remote communication port" ? If so, can the PC still access the Web when the malware is active ?
I would suppose so, otherwise the user would wizen up to the fact that his 'puter has been haxx0red, right ?
It was probably suggesting remote administration ports to the router/DSL modem. The article stated it redirects port 80 (from internal to external at least) to a malware-loaded website.
You omitted "Superman wears Chuck Norris pyjamas" and "when the bogeyman goes to bed, he checks beneath it for Chuck Norris".
...steers clear of the Moderatrix when she's had to go through a million "Chuck Norris" comments...
"noted for playing Russian Roulette with a full-loaded pistol and winning"
Playmobile or it did not happen!
Chuck Norris writes articles for WorldNetDaily and still gets taken seriously. He's that hard.
Chuck Norris's tears can cure all known diseases. But Chuck Norris never cries. Ever.
That Chuck Norris walked into a Burger king and asked for a big mac...
and got one.
And when he jumps in the pool, he doesn't get wet. The water get's chuck'd.
Back to closed source obscure netstacks it is ...
It's not the OS that's at issue here, it's the brain-dead way most of the devices are configured. The real core of the attack is just a brute force using a list of known default logins and passwords (the single D-Link vulnerability aside). It boggles the mind why these devices aren't configured to require you to pick a new password at least when you first log into them, and for that matter they really should disable administrative access from the outbound ports (there are however ways to get around that if you abuse UPnP or bounce through a compromised system inside the network). Ultimately nothing is going to make these devices 100% secure, but we could at least make them have to work for it a little. I can't tell you how many times I've been able to log into someones how router to fix an issue just by guessing admin/admin.
and those weak passwords.
Oh wait, ..... Vincent, you did read that part?
"norris aside"?
Oh dear. I'd hate to be in the amount of shit you're going to be in when Chuck notices that. And he will. One day. Soon.
Sign up, sign up for The Register's weekly IT security newsletter - click here
