k_Street Consulting, LLC Blog

What is a Router Botnet? Find Out Today!

Ordinarily, one of the best ways to protect your organization’s infrastructure is to apply patches for the software you use as soon as possible after they’ve been released. However, patches don’t help against threats that haven’t been discovered at the time the patches are released. The recent spread of the BCMUPnP_Hunter botnet shows that it’s not enough for people to keep patching their systems.

Threat Background
This botnet was initially discovered in September. Since then, it has infected devices to support a huge spam email campaign. BCMUPnP_Hunter is able to zero in on victims thanks to its ability to scan for potential targets, like routers with the Broadcom Universal Plug and Play (UPnP) feature enabled. The hacker can then take over the system.

It is assumed that the network created by BCMUPnP_Hunter was built to send out spam emails. The threat creates a proxy that communicates with email servers, allowing attackers to use the botnet to generate profit through fraudulent clicks. What’s more, the malware seems to have been created by someone who has a considerable amount of skill. To make things worse, BCMUPnP_Hunter also appears to scan from over 100,000 sources, making this botnet quite large.

How Does This Prove That Patches Aren’t Working?
In order for BCMUPnP_Hunter to work as intended, it must target devices that have Broadcom UPnP enabled so that it can take advantage of a vulnerability. This vulnerability has been patched since 2013, when it was first discovered, meaning that most manufacturers have issued a patch since then. Therefore, the majority of devices being used by this threat are those that haven’t been patched for some reason or another.

The Lesson Learned
A simple lesson can be learned here. It goes to show that any equipment on your infrastructure that’s not maintained could be putting your business at risk. This includes making sure that you implement patches and security updates as soon as they are released. Of course, they aren’t always broadcast to the public--after all, who would want to admit that the product they have created is vulnerable to attack, and that the vulnerability is being exploited? As a business owner, it’s your responsibility to keep up with the latest threats.

Granted, not all business owners have the time or luxury to focus on something like this. For those who want to minimize the threat posed by vulnerabilities, give the IT professionals at k_Street Consulting, LLC a call at (202) 640-2737.



Thursday, February 21 2019
