k_Street Consulting, LLC Blog

What is a Router Botnet? Find Out Today!

What is a Router Botnet? Find Out Today!

Ordinarily, one of the best ways to protect your organization’s infrastructure is to make sure any and all patches administered to the software you use are applied as soon as possible after they’ve been released. However, patches don’t help against threats that aren’t discovered at the moment they are released. The recent spread of BCMUPnP_Hunter botnet shows that it’s not enough for people to keep patching their systems.

Threat Background
This botnet was initially discovered in September. Since then, it has infected devices to support a huge spam email campaign. BCMUPnP_Hunter is able to zero-in on victims thanks to its ability to scan for potential targets, like routers with the BroadCom University Plug and Play feature enabled. The system can then be taken over by the hacker.

It is assumed that the network created by BCMUPnP_Hunter was created to send out spam emails. The threat creates a proxy that communicates with email servers, allowing attackers to use botnets to generate profit through fraudulent clicks. What’s more is that the malware seems to have been created by someone who has a considerable amount of skill. To make things worse is that BCMUPnP_Hunter also appears to scan from over 100,000 sources, making this botnet quite large.

How Does This Prove That Patches Aren’t Working?
In order for BCMUPnP_Hunter to work as intended, it must target devices that have BroadcomUPnP enabled to take advantage of a vulnerability. The thing is that this vulnerability has been patched since 2013 when it was first discovered, meaning that most manufacturers have issued a patch since then. Therefore, the majority of devices being used by this threat are those that haven’t been patched for some reason or another.

The Lesson Learned
A simple lesson can be learned here. It goes to show that any equipment on your infrastructure that’s not maintained could be putting your business at risk. This includes making sure that you implement patches and security updates as soon as they are released. Of course, they aren’t always broadcast to the public--after all, who would want to admit that the product they have created is vulnerable to attack, and that the vulnerability is being exploited? As a business owner, it’s your responsibility to keep up with the latest threats.

Granted, not all business owners have the time or luxury to focus on something like this. For those who want to minimize the threat posed by vulnerabilities, give the IT professionals at k_Street Consulting, LLC a call at (202) 640-2737.

The Pros and Cons of Automating Business Processes
Tip of the Week: Improve Your Business’ Wi-Fi
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, April 21 2019

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Two-factor Authentication Sports Music Business Owner Cybercrime WiFi Security Cameras Hiring/Firing Managed Service Provider Robot Work/Life Balance Fax Server Save Time malware Information Saving Time IT solutions Computers Printer Alert Credit Cards Archive Lifestyle Congratulations Strategy Skype Operating Systems Audiobook Internet Exlporer BDR Word CrashOverride Employer Employee Relationship Vendor Management Windows 7 Employee Cryptocurrency Infrastructure Line of Business Servers Holiday Business Intelligence Data Recovery Black Market Managed IT Services IT Services Data Warehousing People Cleaning Tip of the Week Wi-Fi Online Shopping Cables Remote Monitoring Start Menu Best Available Saving Money Inventory Risk Management Conferencing Bloatware Politics Hybrid Cloud Professional Services Virtual Private Network Internet of Things Data Security Shortcut GDPR Mobile Device Management Wireless Charging Remote Monitoring and Maintenance Network 5G IT service IaaS Private Cloud Lithium-ion battery Retail Website Screen Mirroring Customer Relationship Management Router Digital Signature Virtualization Public Computer Software BYOD Data loss Proactive Mobile Office Search Engine Money Office 365 Enterprise Content Management Help Desk webinar Windows 8 Artificial Intelligence Safety Gadgets Root Cause Analysis Books Software as a Service Running Cable Office Tips Cortana User Tips Flexibility Virus Emergency Touchpad Television Electronic Medical Records travel WIndows 7 Printer Server Social The Internet of Things Recovery Students YouTube Shortcuts communications Theft Software Tips Gaming Console Workforce Workplace Tips Rootkit USB Hring/Firing Healthcare Solid State Drive Operating System How to Tablet Best Practices HaaS OneNote LinkedIn Information Technology Computer Care Network Congestion Manufacturing Customers Update Battery OLED Content Communication Blockchain Mobile Device Antivirus Computer Firewall HVAC Legal Customer Service Data Management Data Backup Keyboard Business Technology Assessment Regulations Vendor Amazon Web Services Best Practice Two Factor Authentication User Content Filter IT Plan Cloud Computing Troubleshooting Analytic Regulation Smart Tech Wire End of Support Productivity Facebook Emails Augmented Reality Fraud Biometric Security Tech Support Public Cloud Unsupported Software Mobile Computer Accessories Twitter Search Online Currency Wearable Technology MSP HIPAA Frequently Asked Questions Going Green Email Maintenance Cryptomining Humor Cache Windows 10 Tools Productivity Business Relocation Small Business Save Money Project Management Point of Sale Business Mangement Automation IT Support Collaboration Smartwatch Video Games Data Breach Spam Blocking Microchip Passwords Human Resources File Versioning Cameras Google Search Apple Cybersecurity IoT Insurance eWaste Charger PowerPoint Redundancy Windows 10 Office Criminal Knowledge Social Engineering Mobile Devices Identity Theft Storage VPN Remote Work Hosted Solutions Programming Patch Management Techology Tip of the week CES Wireless Internet Logistics Law Enforcement Analysis Laptop Experience Recycling Machine Learning PDF Big data Backup and Disaster Recovery Monitor Smartphone Network Security Google Drive IT Solutions Specifications Sync Downtime Upgrade Netflix Disaster Recovery Leadership Browser Fiber-Optic Authentication FENG Multiple Versions Value Social Media Unified Threat Management Microsoft Office Privacy Google Remote Worker App Flash Amazon Excel Staff Consultant Hard Drives Windows Media Player Managing Stress Printers Hardware Nanotechnology Miscellaneous Password Management Evernote Computing Infrastructure SharePoint Administrator Reputation Loyalty Bring Your Own Device Windows Biometrics IT Support Data storage Application Domains Transportation Supercomputer Workers Mobile Computing Restore Data Advertising analytics Current Events Access Control Analyitcs Encryption HBO Settings Notifications eCommerce Entertainment Ransomware Google Apps Thank You Outsourced IT Smartphones NarrowBand Audit Accountants Data Protection Hosted Computing Display Content Management Education Net Neutrality Business Computing Colocation Worker Commute Cloud Security Hackers Bandwidth Comparison Chrome Safe Mode Read IT Consultant Chromecast Content Filtering Phone System Statistics ISP Microsoft Utility Computing NIST How To Virtual Assistant Health Company Culture Document Management IT Management E-Commerce Paperless Office Pain Points Wiring Compliance Distributed Denial of Service SaaS Science Benefits Devices Managed Service Training DDoS Webinar Networking Physical Security Telephone System Digital Signage Touchscreen Practices Wireless Technology Warranty Spam Telephony Virtual Reality Backup Scalability Wireless Telephone Systems Multi-Factor Security Gmail Electronic Health Records Camera Mobility Unified Communications Millennials Shadow IT Android Addiction Server iphone File Sharing Environment Memory Business Continuity Marketing Telecommuting VoIP Employer-Employee Relationship Quick Tips Hacking Outlook Users Managed IT Internet exploMicrosoft Bing Smart Office Botnet Tablets Computer Repair Connectivity Password Proactive IT Files avoiding downtime Budget Managed IT Services Business Management Hacker Voice over Internet Protocol Windows 10s Bluetooth Applications Apps Meetings IBM Employee/Employer Relationship Password Manager Efficiency Digital Payment Data Storage Distribution Government Scam Product Reviews Smart Technology Mouse Vulnerability Windows Server 2008 Social Networking Tech Term Internet History Innovation Technology Cast Google Docs Streaming Media Remote Computing Automobile Computer Fan Thought Leadership Samsung Hosted Solution User Error Database Trending Administration Uninterrupted Power Supply Cost Management Phishing Worker Instant Messaging Virtual Desktop Intranet Data Entrepreneur

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *