Linksys by Cisco Routers and “psyb0t” Botnet

We were recently alerted to the “psyb0t” botnet, which allegedly compromises WAN internet modems and routers, and immediately began investigating whether it might use our Linksys by Cisco products to attack an entire home network. We initially learned that this botnet depends on weak network passwords that it can easily guess, such as ‘admin’ (which is set as the default password on Linksys by Cisco routers) or ‘12345’, to infiltrate and then infect a router. Its actions after that remain relatively ambiguous. Home networks often have these obvious sorts of passwords as their default setting, so if consumers do not change their password upon set-up, they may be more at risk from intruders. However, this botnet allegedly can try any word in the dictionary to access a home network, so even those who do change their passwords may be at risk if the new password is too common a word.
After a thorough investigation, the Cisco Consumer Business Group suggests that all owners of Linksys by Cisco routers follow these steps to help secure their networks:
1. Change your password from the default setting and make it unique, not something that could be found in a dictionary! Use capital letters and symbols in your password.
2. Take a look at your router settings and make sure that remote access to the router settings is disabled.
3. Watch for firmware upgrades on our website and make sure you actually download them. Network management software like Network Magic can assist with reminders to do so.
Users can help protect themselves and their network from psyb0t and other unwanted intruders by taking a few moments to establish a strong password for their router.
Let us know if you have any questions about the psyb0t Botnet in the comment section below. You can also find us on Facebook and Twitter.
Posted by Johanna Fry at 10:54AM PST

James Apr 21, 2009
So why is Linksys (along with all the other vendors) still shipping products with a single well-known default password?
These devices already come with a label on the bottom that describes unique data programmed into the device - the MAC address.
It can’t be that technically challenging to auto-generate a strong unique default password for each device, program it into an SPROM on the device and print it on the label attached to the device.
This eliminates threats like this botnet.
Owners should still be encouraged to change the password, because the default is now written on the bottom of the device. However, if someone is in your house reading the default password off the bottom of your network device you already have bigger problems.
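
The per-device default password proposed in the comment above could be generated at manufacturing time along these lines. This is an added example, not part of the original post or its comments and not Linksys code; the label alphabet, password length, PBKDF2 parameters, record layout and function names are assumptions.

```python
import hashlib
import math
import secrets

# Assumption: label-friendly alphabet without look-alikes (0/O/o, 1/l/I).
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789"
WEAK_GUESSES = {"admin", "12345"}   # the guesses named in the post
PBKDF2_ROUNDS = 100_000             # assumption: illustrative work factor


def entropy_bits(length=12):
    """Guessing entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


def generate_default_password(length=12):
    """Draw each character from the OS CSPRNG; nothing is derived from the MAC."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def provision_batch(macs, length=12):
    """Return {mac: record}, one unique random default password per device."""
    issued, records = set(), {}
    for mac in macs:
        while True:
            password = generate_default_password(length)
            if password not in issued and password.lower() not in WEAK_GUESSES:
                break
        issued.add(password)
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        # label_password is printed on the sticker; salt and hash go into device storage.
        records[mac] = {"label_password": password, "salt": salt, "hash": digest}
    return records


def verify_login(record, attempt):
    """Constant-time check of a login attempt against the stored hash."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], PBKDF2_ROUNDS)
    return secrets.compare_digest(digest, record["hash"])


if __name__ == "__main__":
    # Constructed sample MAC addresses (documentation-style values, not real devices).
    for mac, rec in provision_batch(["00:00:5E:00:53:01", "00:00:5E:00:53:02"]).items():
        print(mac, rec["label_password"], f"{entropy_bits():.1f} bits")
```

Because the password comes from a CSPRNG rather than from the MAC address or serial number, knowing the other values printed on the label of one device gives no help in guessing the password of another.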