DatCom Blog

What is a Router Botnet? Find Out Today!


Ordinarily, one of the best ways to protect your organization’s infrastructure is to apply patches to the software you use as soon as possible after they’ve been released. However, patches don’t help against threats that haven’t been discovered at the moment the patches are released. The recent spread of the BCMUPnP_Hunter botnet shows that it’s not enough for people to keep patching their systems.

Threat Background
This botnet was initially discovered in September. Since then, it has infected devices to support a huge spam email campaign. BCMUPnP_Hunter is able to zero in on victims by scanning for potential targets, like routers with the Broadcom Universal Plug and Play (UPnP) feature enabled. The system can then be taken over by the hacker.

It is assumed that the network built by BCMUPnP_Hunter was created to send out spam emails. The threat creates a proxy that communicates with email servers, allowing attackers to use botnets to generate profit through fraudulent clicks. What’s more, the malware seems to have been created by someone who has a considerable amount of skill. To make things worse, BCMUPnP_Hunter also appears to scan from over 100,000 sources, making this botnet quite large.

How Does This Prove That Patches Aren’t Working?
In order for BCMUPnP_Hunter to work as intended, it must target devices that have Broadcom UPnP enabled to take advantage of a vulnerability. This vulnerability has been patched since 2013, when it was first discovered, meaning that most manufacturers have issued a patch since then. Therefore, the majority of devices being used by this threat are those that haven’t been patched for some reason or another.

The Lesson Learned
A simple lesson can be learned here. It goes to show that any equipment on your infrastructure that’s not maintained could be putting your business at risk. This includes making sure that you implement patches and security updates as soon as they are released. Of course, they aren’t always broadcast to the public; after all, who would want to admit that the product they have created is vulnerable to attack, and that the vulnerability is being exploited? As a business owner, it’s your responsibility to keep up with the latest threats.

Granted, not all business owners have the time or luxury to focus on something like this. For those who want to minimize the threat posed by vulnerabilities, give the IT professionals at DatCom a call at 903-842-2220.
