
protection against the Psyb0t worm

mustbjones
Nickel Contributor
Posts: 28
Registered: ‎03-01-2009

protection against the Psyb0t worm

Message 1 of 7
(10,904 Views)

Is the modem/router that Verizon supplies protected/hardened against this worm?

 

Here is a link to the article: http://blogs.zdnet.com/BTL/?p=15197

 

Thanks,

MBJ

6 REPLIES
DzWR
Bronze Contributor II
Posts: 159
Registered: ‎03-13-2009

Re: protection against the Psyb0t worm

Message 2 of 7
(10,888 Views)

I don't see any mention of the Actiontec in that article -- you should be fine.

.,.
cjacobs001
Silver Contributor III
Posts: 398
Registered: ‎10-09-2008

Re: protection against the Psyb0t worm

Message 3 of 7
(10,849 Views)
Also, the article tells you how to fix it if your router is attacked.
cjacobs001
mustbjones
Nickel Contributor
Posts: 28
Registered: ‎03-01-2009

Re: protection against the Psyb0t worm

Message 4 of 7
(10,827 Views)
Yes, I saw that the Actiontec router/modem is not mentioned, but it also says that any router that is running mipsel (MIPS running in little-endian mode) is in danger.
dslr595148
Trivia Champ
Posts: 6,045
Registered: ‎09-24-2008

Re: protection against the Psyb0t worm

Message 5 of 7
(10,783 Views)
However, I would still recommend:

#1 Changing the default password, if you have not.

#2 If UPnP exists in the router, turning that off.

#3 Making sure remote access to the router is turned off.

--

You can use any port checking site, to see if any port is open from the outside.

If there are any ports open from the outside, that does not mean bad news right away, because it depends on whether you are forwarding any ports.

What you really want is only the ports that you forwarded open from the net.

If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.


 

prisaz
Platinum Contributor III
Posts: 6,820
Registered: ‎08-23-2008

Re: protection against the Psyb0t worm

Message 6 of 7
(10,777 Views)

@dslr595148 wrote:
However, I would still recommend:

#1 Changing the default password, if you have not.

#2 If UPnP exists in the router, turning that off.

#3 Making sure remote access to the router is turned off.

--

You can use any port checking site, to see if any port is open from the outside.

If there are any ports open from the outside, that does not mean bad news right away, because it depends on whether you are forwarding any ports.

What you really want is only the ports that you forwarded open from the net.

Gibson Research "Shields UP" is a good site for checking your ports. Stealth status is best. The ports are better off not showing at all. Closed status will still show something is there. Also, turning off responses to ICMP Ping requests in your router is not a bad idea. I have also found the Ident Port 113 responds in many routers, and the way I handle this is to designate one private IP on my network as a deadend. Do not use the deadend IP address for anything on your private network. Also pick an IP that is not in your DHCP distribution list. Forward that port to the deadend and when scanned it will not respond.

http://www.grc.com/default.htm

Message Edited by prisaz on 03-28-2009 06:58 PM
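
Added example, not part of any post in this thread: a small Python check that reports each TCP port as open, closed or stealth, the distinction the two posts above draw, and flags open ports you did not forward yourself. The port list, the `audit` verdict labels and the placeholder address 192.0.2.1 are assumptions made for this sketch; run it against your own router, from a machine outside your network if you want the view from the net.

```python
import socket

# Ports this thread is concerned with (names are only used in the report).
ROUTER_PORTS = {22: "ssh", 23: "telnet", 80: "http", 113: "ident"}

def probe(host, port, timeout=2.0):
    """Classify one TCP port the way a port-checking site reports it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"       # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"     # a reset came back: the device is visibly there
    except socket.timeout:
        return "stealth"    # no answer at all within the timeout
    except OSError:
        return "error"      # e.g. no route to host; not a port state
    finally:
        sock.close()

def audit(host, forwarded=(), ports=ROUTER_PORTS, probe_fn=probe):
    """Return (port, name, state, verdict) rows for each checked port.

    forwarded: ports you deliberately forward; open is expected only there.
    """
    rows = []
    for port, name in sorted(ports.items()):
        state = probe_fn(host, port)
        if state == "open":
            verdict = "expected" if port in forwarded else "investigate"
        elif state == "closed":
            verdict = "visible"   # answers with a reset instead of silence
        else:
            verdict = "ok" if state == "stealth" else "recheck"
        rows.append((port, name, state, verdict))
    return rows

if __name__ == "__main__":
    # 192.0.2.1 is a documentation placeholder; use your own address.
    for row in audit("192.0.2.1", forwarded={80}):
        print("%5d %-7s %-8s %s" % row)
```

An "investigate" row on 22 or 23 means Telnet or SSH is reachable without you having forwarded it, which is the exposure the worm's password guessing depends on.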
VikeFan1961
Copper Contributor
Posts: 19
Registered: ‎03-28-2009

Re: protection against the Psyb0t worm

Message 7 of 7
(10,733 Views)

"Version 17 of the malware contains “shellcode for 30 different linksys models, and 10 netgear models, as well as several kinds of cable and dsl modems (15 different shellcodes)” as well as a list of “6000 usernames and 13000 passwords” which is used for bruteforcing Telnet and SSH logins that are open to the LAN and sometimes even on the WAN side of those routers."


Read more: "psyb0t - A stealthy router-based botnet discovered [Updated] | IRC-Junkie.org - IRC News" - http://www.irc-junkie.org/2009-03-22/psyb0t-a-stealthy-router-based-botnet-discovered/#ixzz0BByn8pYZ

 

If you are using a router that is vulnerable and a weak password that is easily hacked via the brute force attack that is used, you should easily be able to determine if you are infected. Since port 80 gets blocked by the bot, you will lose basic HTTP connectivity through your router. You would then need to do a factory reset of your router to get it back into its default configuration (this clears the malware from the router) and assign a more robust password.

 

I would then send a complaint to Verizon. 
