Menu
Your Linux-based home router culd succumb to a new Telnet worm, Remaiten

Your Linux-based home router culd succumb to a new Telnet worm, Remaiten

The worm takes advantage of exposed Telnet services with weak passwords to infect routers and other embedded devices

Building botnets made up of routers, modems, wireless access points and other networking devices doesn't require sophisticated exploits. Remaiten, a new worm that infects embedded systems, spreads by taking advantage of weak Telnet passwords.

Remaiten is the latest incarnation of distributed denial-of-service Linux bots designed for embedded architectures. Its authors actually call it KTN-Remastered, where KTN most likely stands for a known Linux bot called Kaiten.

When scanning for new victims, Remaiten tries to connect to random IP addresses on port 23 (Telnet) and if the connection is successful, it attempts to authenticate using username and password combinations from a list of commonly used credentials, researchers from ESET said in a blog post.

If the authentication succeeds, the bot executes several commands to determine the system's architecture. It then transfers a small downloader program compiled for that architecture that proceeds to download the full bot from a command-and-control server.

The malware has versions for mips, mipsel, armeabi and armebeabi. Once installed it connects to an IRC (Internet Relay Chat) channel and waits for commands from attackers.

The bot supports a variety of commands for launching different types of denial-of-service attacks. It can also scan for competing DDoS bots on the same system and uninstall them.

It's surprising that many networking devices still use Telnet for remote management, instead of the more secure SSH protocol. It's also unfortunate that many devices ship with Telnet service open by default.

Device owners should use one of the many free online port scanning tools to check if their router has port 23 open and should try to shut down the Telnet service from the device's Web-based administration interface. Unfortunately many gateway devices provided by ISPs to their customers don't give users full access to the management features.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments