Friday, March 27, 2009

MIPS Routers being targeted by virus???

Well, not really a virus, but to the techno layman, per se, you could call it that. There is a new botnet that is targeting certain routers and taking control of them. According to this security site, it seems that any router or DSL modem with a MIPS-based processor (i.e. many variants of the popular Linksys WRT54G wireless internet router) can potentially be hacked if all of the following criteria are met:
  • Have a MIPS CPU
  • You have opened ports 80, 22 and 23 (HTTP, SSH and Telnet) to the public internet
  • Have an easy password (anything found in a dictionary)

ALL of the above need to be met, and truly this is not a hack; it is a vulnerability created by you, the user, which someone has chosen to take advantage of. To my knowledge, I have never seen a router that opens the above-noted ports to the public internet, although 99% of them give the user the capability to do so in the router settings.

On to what it does: a botnet, as discussed earlier, is a group of several infected devices that work together to spread their infection to other devices and perform other ill will over the internet, all of this done in a completely autonomous fashion. In other words, its creator {Dr. Frankenstein} unleashes it on the world, and it grows and lives completely independent of its creator.

This botnet attacks weak routers using its dictionary of passwords. Once it logs in, it replaces a service on the router with one of its own; this new infected service then blocks all access to the router for you, the user. It then logs into a chat service where it receives commands from the other bots, kind of a cloud of nastiness. This site lists all of the possible commands a device may perform; there are several, from scanning the internet for other compatible devices that it may infect, to sending massive amounts of traffic to someone's network (causing them to lose their internet connection).

MIPS-based devices can probably be found in a good half of the world's internet routers, so this is something people should be careful of. Most likely nobody has opened the noted ports unknowingly (you would be aware of having done it), at which point the password you use is extremely crucial. Passwords should be at least 8 characters with both numbers and letters, must not be found in the dictionary, and should include other symbols if allowed by your platform.

This is truly scary because the infected device may go on unnoticed for days or even weeks doing its dirty deeds, whereas a virus-infected computer will usually quickly be noticed by its user. More than likely a user would notice slow internet due to an infected router, but many of its day-to-day actions may not affect your internet speed.

How to stop an infected device: unplug your internet, then run a factory reset to erase all settings (please first consult your router's manual, usually available for download on the manufacturer's website), then start from scratch with a BETTER PASSWORD!!!

What is DroneBL.org? Well, plainly stated at the top of their site: "DroneBL is a realtime monitor of abusable IPs, which has the goal of stopping abuse of infected machines." Which means it may be of interest to security geeks, unlike myself (I am not insecure ;).

Thursday, March 26, 2009

Intel writing Open Sores for the Atom???

Yes, it's true, Intel likes open sores: they are writing an open source Linux platform optimized for the Atom platform. It is aimed at becoming a mobile OS for Atom-based mobile appliances. It boots super fast and has support for hardware like the MSI Wind; read more about it here.

Biggest virus in history - NOT

It's even on the 10 o'clock news: Conficker.C will 'strike' on April Fools' Day. I myself wonder what it will be striking: Iraq? The Pentagon? Should we get in our bunkers?? I doubt it.

I seem to remember the last largely publicized virus being Nimda; when was that, like 1999? Surely this will be no bigger than the Smitfraud rootkit virus; my techs and I have removed that virus and its variants hundreds of times over the last 3-4 years, yet I don't see it on the news.

Well, let's get on to the meat of it; maybe there is some truth here. Conficker.C is a botnet virus, meaning all the infections create a 'domain' that communicates with each of its nodes, kind of a cluster of madness, and they all phone home, but not to a central server like some might think: it calls its relatives to see if they have any updates, and if so it downloads them. This is a peer-to-peer virus that is totally self-sufficient once its creator releases it into the wild. The 'do-gooders' of the world are attempting to block these domains, find the source and stop it. So this is where the creators got creative: they developed the bot with several dozen randomly generated domains to use, thus making it x times more difficult to prevent.

Here is a complete write-up on the Microsoft site covering the prior variant, Conficker.B, which is now for the most part rendered useless through MS patches.

Compared to the first 2 variants, what differentiates Conficker.C is that it is programmed to use THOUSANDS of domains, making it virtually impossible to block them all accurately, along with new vulnerability holes to once again allow it access.
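Thousands of generated names defeat a blocklist because the defender would have to list names nobody has seen yet, so detection moved to behaviour: a client that churns through many unique, random-looking names that never resolve. As an added example, not from the original post, here is a small Python check over a constructed resolver log (layout `client name rcode`); the log lines, thresholds and field layout are assumptions, not Conficker's actual lookup pattern.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample resolver log: client, queried name, response code (one query per line).
# 10.0.0.9 behaves like a DGA client: a burst of unique, random-looking names that never resolve.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 update.microsoft.com NOERROR
10.0.0.9 www.example.com NOERROR
10.0.0.9 qzkvtr.biz NXDOMAIN
10.0.0.9 mpyhjwq.info NXDOMAIN
10.0.0.9 xvbqlrm.org NXDOMAIN
10.0.0.9 kwfjdzp.net NXDOMAIN
10.0.0.9 tqhzmvx.biz NXDOMAIN
10.0.0.9 bnrgkcy.cc NXDOMAIN
"""
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN)$")

def label_entropy(name):
    """Shannon entropy (bits per character) of the label just left of the TLD."""
    parts = name.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    counts = Counter(label)
    n = len(label) or 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse_log(text):
    """Group (name, rcode) pairs per client; lines that do not match the layout are skipped."""
    per_host = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            per_host[m.group(1)].append((m.group(2), m.group(3)))
    return per_host

def flag_dga_hosts(text, min_queries=5, nx_ratio=0.6, min_entropy=2.5):
    """Return {client: stats} for clients whose lookups look like a DGA walking its list."""
    # The NXDOMAIN ratio carries most of the signal; entropy alone misfires on ordinary names.
    flagged = {}
    for host, queries in parse_log(text).items():
        nx_names = [name for name, rcode in queries if rcode == "NXDOMAIN"]
        if len(queries) < min_queries or not nx_names:
            continue
        ratio = len(nx_names) / len(queries)
        avg_entropy = sum(label_entropy(n) for n in nx_names) / len(nx_names)
        if ratio >= nx_ratio and avg_entropy >= min_entropy:
            flagged[host] = {"queries": len(queries), "nxdomain": len(nx_names),
                             "unique_nx": len(set(nx_names)), "avg_entropy": round(avg_entropy, 2)}
    return flagged
```

Running `flag_dga_hosts(SAMPLE_LOG)` reports only 10.0.0.9; 10.0.0.5 never reaches the query threshold, which is the knob to tune against a real resolver's volume.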

Its purpose: ASSIMILATION. Just like a cancer, it has no purpose other than uncontrolled reproduction.
There are many side effects; however, they are all toward the end goal of spreading to other computers:

  • stop all antivirus programs and Windows updates
  • lock down permissions on the system so that only it has control
  • block access to any virus-related websites

Once it has complete control of its host, it will use a list of passwords to attempt connections to any other computers it finds on the network, so that it can authenticate and perform remote code execution to seed its offspring. It will also spread itself via USB flash drives.

Who does it attack? Well, the majority of computer users, of course; any Windows system will be attacked. My Mac men are probably gloating, 'better reason for you to get a Mac'. Well, please note, Macs get viruses also.


How do you block it? Make sure to have the latest updates from Microsoft and your antivirus vendor; daily automatic updates are your best friend. STAY AWAY FROM ANY popups that report you need antivirus, especially one you have never heard of; Google it first.

If you have Symantec Antivirus or AVG and you get a pop-up like this:

IT IS DEFINITELY NOT LEGIT!!!

Virus notifications should plainly come from your antivirus program and you should be familiar with it.

This is all well and good (or bad really), but the first 2 variants were supposed to have caused utter destruction worldwide as noted here, but of my dozens of customers {and they love to get viruses daily} only 3 had a Conficker infection. I prefer to keep all of my customers' systems up to date with the latest antivirus and latest MS updates, with most sites fully monitored for updates. We use antivirus gateway appliances to stop the virus before it touches the network.

So really I won't be surprised to get a call or 2 on April Fools'.

More than likely I will get dozens if not hundreds of emails from clients and family warning me of the new 'biggest virus ever' they saw on the 10 o'clock news. I still get chain letters from clients warning of the latest Snopes-verified Hallmark virus from 2005.

UPDATE 4/15/09: Well, so far I have only heard of one person getting this Conficker infection, and to my delight, it was not one of my customers. This bomb sounds like a real dud.

Friday, March 13, 2009

The best little rat I have caught in a long time



In my field I often come across quite impressive examples of advanced technology, so usually I am unimpressed by such things...

So I found a steal on this Gyration GyroTransport ($13 @ eBay), and I was a little disappointed when it arrived and it was much smaller than I expected. But after trying it out, this thing is amazing, and the size is actually perfect; it's a great difference from the bulky Microsoft mouse (actually it was compact) I had. You don't use it like a conventional mouse, you dodo; it's just like a car alarm remote, you just point it and click with your thumb.

The transmitter has 1GB of flash built in, which came with the software for the mouse, and can hold any files I put on it - geek factor+

It works as advertised: 100 foot range, I can go out in the yard and it still works. Now I can control my media center while I mow the lawn, and since my media center controls 2 TVs, this thing means I am not locked to one screen; I can just take it with me to the other room. Of course I will probably get another if I can't find a decent steal on the Gyration Media Center remote.

It's the most functional mouse I have seen so far, and in a lightweight package; it will probably get lost fast in the deep pits of the couch.

Thursday, March 12, 2009

Google - the new antichrist?

The phone company may think so. In case you didn't hear, they are taking over the world: https://www.google.com/voice/about and http://www.youtube.com/profile?user=Google&view=videos

Tons of features, and so far they say it's all FREE!!!

It's the obvious GrandCentral "single point of contact", or UM (unified messaging) on steroids.

*Complete merging of voice calling, SMS messaging, and email
*Follow-me to all your phones
*Voicemail to text
*Rules-based routing
*FREEEE outbound dial tone to the US and possibly Canada, plus low international rates.

How it works: you get a new phone number from Google. I know, sounds like a pain, but they are obviously trying to get you to take the great plunge of commitment (if you truly use it for an extended period you will probably be torn bleeding to abandon it).

Then you abandon all your other numbers as far as the world is concerned, only provide people with your new "G-number", and pledge your allegiance to "G".

Next, use your Google number to forward to your cell, home, office, wherever you may roam; it will ring them all at once or in other patterns.

When you get voicemail, it actually goes to text in your email, or you can call into your "G-number" and check it.

If you call into your "G-number" it will give you the option to dial back out to any US number for free, or of course there's always the Jabber PC clients, or of course the Asterisk/FreeSWITCH Jabber module will then let you call out through Google from any PBX.

Vonage is going to mess their dividends!!!!

EDIT 4/15/09: Well, it seems Google has found some insecurities in their service and has shut off all SIP access to Google Voice. This is a real downer for SIP PBX users like myself, but everything still works as advertised through their application. So far there are no plans to remedy this; hopefully they will, but in my thinking it is only to their advantage to lock users to their platform. Duh, how will they see AdWords?