XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

What is a Router Botnet? Find Out Today!

What is a Router Botnet? Find Out Today!

Ordinarily, one of the best ways to protect your organization’s infrastructure is to make sure any and all patches administered to the software you use are applied as soon as possible after they’ve been released. However, patches don’t help against threats that aren’t discovered at the moment they are released. The recent spread of BCMUPnP_Hunter botnet shows that it’s not enough for people to keep patching their systems.

Threat Background
This botnet was initially discovered in September. Since then, it has infected devices to support a huge spam email campaign. BCMUPnP_Hunter is able to zero-in on victims thanks to its ability to scan for potential targets, like routers with the BroadCom University Plug and Play feature enabled. The system can then be taken over by the hacker.

It is assumed that the network created by BCMUPnP_Hunter was created to send out spam emails. The threat creates a proxy that communicates with email servers, allowing attackers to use botnets to generate profit through fraudulent clicks. What’s more is that the malware seems to have been created by someone who has a considerable amount of skill. To make things worse is that BCMUPnP_Hunter also appears to scan from over 100,000 sources, making this botnet quite large.

How Does This Prove That Patches Aren’t Working?
In order for BCMUPnP_Hunter to work as intended, it must target devices that have BroadcomUPnP enabled to take advantage of a vulnerability. The thing is that this vulnerability has been patched since 2013 when it was first discovered, meaning that most manufacturers have issued a patch since then. Therefore, the majority of devices being used by this threat are those that haven’t been patched for some reason or another.

The Lesson Learned
A simple lesson can be learned here. It goes to show that any equipment on your infrastructure that’s not maintained could be putting your business at risk. This includes making sure that you implement patches and security updates as soon as they are released. Of course, they aren’t always broadcast to the public--after all, who would want to admit that the product they have created is vulnerable to attack, and that the vulnerability is being exploited? As a business owner, it’s your responsibility to keep up with the latest threats.

Granted, not all business owners have the time or luxury to focus on something like this. For those who want to minimize the threat posed by vulnerabilities, give the IT professionals at XFER a call at 734-927-6666 / 800-Get-XFER.

The Pros and Cons of Automating Business Processes
Tip of the Week: Improve Your Business’ Wi-Fi
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, January 17 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Security Technology Tip of the Week Privacy Microsoft Internet Cloud Best Practices Saving Money Backup Software Workplace Tips Business Computing Managed Service Provider Hosted Solutions Data Hackers Small Business Google Mobile Devices Hardware Productivity VoIP Mobile Office Malware Email Gadgets Quick Tips Network Security Network Efficiency Innovation IT Support Business Management Business IT Services Social Media Business Continuity Miscellaneous Smartphones Server Upgrade Virtualization Communication Disaster Recovery User Tips Windows Data Backup Communications Computer Managed IT Services Microsoft Office Users Smartphone Data Recovery Passwords Browser Mobile Device Management Android Holiday WiFi Save Money Marketing Alert Ransomware Tech Term Outsourced IT Internet of Things Mobile Computing Cybercrime BDR Vendor Management Cloud Computing Windows 10 Router Operating System Chrome Remote Monitoring Bring Your Own Device Apple BYOD Artificial Intelligence Information Technology Computers Avoiding Downtime Automation Cybersecurity Big Data Remote Computing Current Events IT Solutions Best Practice History Going Green The Internet of Things Managed IT Services Firewall VPN Spam Telephone Systems Phone System Wireless Technology Employer-Employee Relationship Health IT Consultant Trending Application Collaboration Hacking Printer Facebook Social Engineering Lithium-ion Battery Office Productivity Budget Mobility Windows 10 Excel App Bandwidth Money Proactive IT Business Managament Networking Mouse Business Intelligence How To Fax Server Office 365 Content Filtering Applications Two-factor Authentication Maintenance Mobile Device Windows 8 Phishing Recovery Unified Threat Management IT Support iPhone Tutorials Private Cloud Training Hard Drives Antivirus Gmail Virus Redundancy Law Enforcement Access Control Encryption Settings Analytics Information Apps Data Protection Google Drive Blockchain PowerPoint Sports Managed IT Value Word User Error Website Humor Data Security Outlook Customer Relationship Management Compliance Voice over Internet Protocol Data Management Inbound Marketing Flexibility Social Entertainment IT Management Saving Time Servers Retail Administration Machine Learning Downtime Human Resources File Sharing Memory Tech Support Software as a Service Digital Payment Analysis Social Networking Computer Repair Conferencing Network Congestion Hacker Managed Service Scam Search Vulnerability Connectivity Tablet Twitter Save Time Administrator Document Management Office Tips Identity Theft Wi-Fi Streaming Media Risk Management Workers Telephone System Meetings Programming Credit Cards Skype DDoS Webinar Running Cable Instant Messaging Solid State Drive Smart Tech Augmented Reality Intranet Data loss CES Touchscreen Wearable Technology Help Desk Fraud Black Market Environment Spam Blocking IT Plan Biometrics Cleaning Password Wireless Physical Security Content Management Public Cloud Display IT service Best Available SaaS Video Surveillance Bluetooth Unsupported Software Infrastructure People Paperless Office Update OneNote Data storage Samsung Piracy IBM Robot Comparison Internet Exlporer Leadership Online Currency USB Data Storage Telephony eWaste Keyboard Google Docs PDF Virtual Assistant Recycling Windows 7 Point of Sale HaaS End of Support Computer Accessories Education Safety Work/Life Balance Data Breach Botnet Statistics YouTube Government Cost Management Digital Signature Alerts IoT Remote Support Root Cause Analysis Regulations Evernote Reputation Wireless Internet Warranty nternet Crowdfunding Travel Criminal Internet exploMicrosoft NIST Computer Fan HBO Thought Leadership E-Commerce Upgrades Supercomputer Analyitcs Text Messaging Electronic Health Records eCommerce Law Firm IT Customer Service Millennials NarrowBand Line of Business Company Culture Mobile Cortana Multi-Factor Security Strategy Uninterrupted Power Supply Work Station Consultant Wireless Charging Gaming Console Customers Wire Microchip Advertising Cryptocurrency FENG Frequently Asked Questions Content Filter Camera LinkedIn Knowledge Distributed Denial of Service Files Vendor Patch Management Cameras Workforce Chromecast Authentication MSP Net Neutrality Professional Services Google Apps 360 Emails Lifestyle Insurance Windows 8.1 Update Licensing Screen Mirroring Flash Fiber-Optic Smart Office Notifications Safe Mode Electronic Medical Records WIndows 7 Tip of the week Amazon Storage Virtual Reality Colocation HVAC Security Cameras Debate Printer Server Windows 10s Shortcut Telecommuting Laptop Nanotechnology Remote Worker Business Owner Tools Search Engine Worker Commute Shadow IT Practices Charger User Cast Sync Cables SharePoint Macro Hybrid Cloud Accountants Business Technology Hiring/Firing Managing Stress Domains Windows Server 2008 Amazon Web Services Webcam Addiction Virtual Private Network HIPAA Bloatware IaaS Computing Infrastructure Enterprise Content Management Software Tips Remote Work Touchpad Wiring Science Co-managed IT Password Manager Students Bing Hosted Solution Legal Hosted Computing Proactive Computer Care Unified Communications Relocation Entrepreneur Staff PC Care Online Shopping Monitor Cache Project Management Business Mangement 3D Password Management IT Security Audit Scheduling Devices GDPR Tablets Healthcare Shortcuts Print Server Windows Media Player Netflix Virtual Desktop Data Warehousing Specifications Inventory Remote Monitoring and Maintenance Hiring/Firing Start Menu Theft eBay Experience Two Factor Authentication Battery Content Emergency Video Games Music Regulation Worker Audiobook Thank You Scalability Assessment Rootkit Utility Computing Printers Politics Transportation Congratulations How to Television Troubleshooting Webinar Techology Employee/Employer Relationship Benefits Smartwatch Automobile Public Computer IT solutions Employer Employee Relationship CrashOverride Smart Technology Books Loyalty

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *