DatCom Blog

What is a Router Botnet? Find Out Today!

What is a Router Botnet? Find Out Today!

Ordinarily, one of the best ways to protect your organization’s infrastructure is to make sure any and all patches administered to the software you use are applied as soon as possible after they’ve been released. However, patches don’t help against threats that aren’t discovered at the moment they are released. The recent spread of BCMUPnP_Hunter botnet shows that it’s not enough for people to keep patching their systems.

Threat Background
This botnet was initially discovered in September. Since then, it has infected devices to support a huge spam email campaign. BCMUPnP_Hunter is able to zero-in on victims thanks to its ability to scan for potential targets, like routers with the BroadCom University Plug and Play feature enabled. The system can then be taken over by the hacker.

It is assumed that the network created by BCMUPnP_Hunter was created to send out spam emails. The threat creates a proxy that communicates with email servers, allowing attackers to use botnets to generate profit through fraudulent clicks. What’s more is that the malware seems to have been created by someone who has a considerable amount of skill. To make things worse is that BCMUPnP_Hunter also appears to scan from over 100,000 sources, making this botnet quite large.

How Does This Prove That Patches Aren’t Working?
In order for BCMUPnP_Hunter to work as intended, it must target devices that have BroadcomUPnP enabled to take advantage of a vulnerability. The thing is that this vulnerability has been patched since 2013 when it was first discovered, meaning that most manufacturers have issued a patch since then. Therefore, the majority of devices being used by this threat are those that haven’t been patched for some reason or another.

The Lesson Learned
A simple lesson can be learned here. It goes to show that any equipment on your infrastructure that’s not maintained could be putting your business at risk. This includes making sure that you implement patches and security updates as soon as they are released. Of course, they aren’t always broadcast to the public--after all, who would want to admit that the product they have created is vulnerable to attack, and that the vulnerability is being exploited? As a business owner, it’s your responsibility to keep up with the latest threats.

Granted, not all business owners have the time or luxury to focus on something like this. For those who want to minimize the threat posed by vulnerabilities, give the IT professionals at DatCom a call at 903-842-2220.

The Pros and Cons of Automating Business Processes
Tip of the Week: Improve Your Business’ Wi-Fi


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, March 18 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Cloud Business Computing Network Security Hosted Solutions Google User Tips Microsoft Hackers Internet Software Productivity Tech Term Malware Business Mobile Devices Email Innovation Workplace Tips Backup Data Backup Smartphones Communications Data Hardware VoIP Cloud Computing Small Business Android Smartphone Business Continuity Efficiency Data Recovery IT Services Ransomware Communication Router Managed IT Services Windows 10 Cybersecurity Disaster Recovery Computer Artificial Intelligence Alert Network Outsourced IT Server Windows Internet of Things Cybercrime IT Support Browser Business Management Law Enforcement Chrome Windows 10 Office 365 How To Money Collaboration Gadgets Miscellaneous Applications Computers Password Mobile Device Quick Tips Productivity BDR Facebook Passwords Word Telephone Systems Managed IT Services Wi-Fi Information Spam Saving Money Social Media Virtualization Holiday Flexibility Apps Health Encryption Phishing Mobility Voice over Internet Protocol Social Engineering Office Data Security Private Cloud Two-factor Authentication Avoiding Downtime Keyboard Operating System Data Protection Vulnerability Paperless Office Government App Work/Life Balance Connectivity Managed Service Microsoft Office Settings Save Money Mobile Device Management BYOD Website Telephone System Remote Computing Identity Theft Infrastructure Data Breach Managed IT Software as a Service Human Resources Google Drive Sports Spam Blocking Upgrade Bandwidth VPN Business Intelligence Augmented Reality IT Plan End of Support Fraud Access Control Update Cryptocurrency Botnet Office Tips Data Management Scam Networking Public Cloud Servers Telephony Legal Unsupported Software Remote Monitoring Windows 7 CES HaaS Machine Learning Content Management Data Storage Entertainment Google Docs Virtual Assistant Meetings OneNote Bring Your Own Device Net Neutrality Redundancy Comparison Blockchain Employer-Employee Relationship IT Management Automation Music Computer Care eWaste Google Search Hosted Computing Wire Mouse Excel Password Management Security Cameras Tools Hacking FCC Thought Leadership Mobile Computing Physical Security Advertising Company Culture Computer Fan Sync Worker Commute Firewall Specifications File Sharing Internet Exlporer Risk Management Evernote Battery Wearable Technology Criminal Knowledge Data loss Proactive IT Apple Scalability Credit Cards Inventory Administrator Tip of the week Password Manager NIST Downtime Hacker Automobile Patch Management Title II Netflix Camera Black Market Training Managing Stress The Internet of Things Shortcuts Staff webinar Search Politics Wireless Charging Windows Server 2008 Marketing Education USB Samsung Network Congestion Screen Mirroring ISP iPhone Techology Content Current Events Smart Office Windows 10s Microchip Business Mangement Root Cause Analysis Smartwatch Online Accountants Addiction HBO FENG Social Document Management Big Data Millennials Conferencing Remote Worker Internet exploMicrosoft How to Cortana Search Engine Wireless Computing Infrastructure Value Multi-Factor Security IT Consultant Cast Cryptomining Audiobook Electronic Medical Records Amazon Authentication Charger WiFi Gmail Safe Mode Employee Video Games IBM Telecommuting Cache Warranty Outlook Users Hybrid Cloud Experience HVAC Vendor Skype Best Practice Save Time Workforce Digital Signature Emails Wiring Software Tips Recovery HIPAA Travel Google Apps Solid State Drive Bing Flash History Trending Leadership Database Instant Messaging Amazon Web Services Nanotechnology Cleaning Recycling Digital Signage Supercomputer Remote Work Practices Wireless Internet Printer Frequently Asked Questions IT Support Information Technology Enterprise Content Management Display Start Menu PDF Devices Unified Threat Management Budget Workers YouTube Audit Help Desk Virtual Reality MSP Business Technology Hiring/Firing Online Shopping Smart Tech Smart Technology CrashOverride Wireless Technology Emergency IT solutions Rootkit Employer Employee Relationship Compliance Two Factor Authentication Twitter Business Owner Content Filtering Assessment Computer Accessories Regulation Safety Printers Vendor Management Television Bluetooth Troubleshooting Managed Service Provider Transportation Books Public Computer Loyalty Biometric Security Benefits Webinar Shadow IT Worker Hosted Solution SaaS