Skip to main content
  1. Home
  2. Computing
  3. News

Hacker infects 100K routers in latest botnet attack aimed at sending email spam

By
Linksys WRT3200 ACM router review
Bill Roberson/Digital Trends

A hacker managed to exploit a five-year-old vulnerability in home routers to create a botnet affecting approximately 100,000 home routers. The botnet was initially discovered in September by researchers from the Netlab team at Qihoo 360, a Chinese internet security company, and it’s likely that the hacker is leveraging this network of compromised routers to send spam emails.

The botnet was built on a 2013 vulnerability on Broadcom’s UPnP SDK. This SDK, which is used on numerous routers, allows an attacker to conduct a remote attack and execute malicious code without requiring any authentication. “It’s the worse kind of vulnerability that exists in the world of Internet-connected devices,” ZDNet reported.

Recommended Videos

Though this latest botnet, which is known as BCMUPnP_Hunter, isn’t the first to exploit this vulnerability, it is the first to use what appears to be new source code to infect routers. Most Internet of Things botnets today use code that has been leaked online to carry out their attacks, but researchers claim that they have not seen similar code to that used on BCMUPnP_Hunter, suggesting that the hacker is authoring new code for the attack. Prior to BCMUPnP_Hunter, a widely reported Russian malware had infected routers worldwide, prompting the FBI to issue a warning to consumers to reset their routers.

In carrying out the attack, Netlab security researcher Hui Wang said in a blog post that the bot “has to go through multiple steps to infect a potential target.”

A proxy is able to communicate with popular mail servers, such as Outlook, Hotmail, and Yahoo! Mail. Because of this, Wang’s team believes that the attacker is using the botnet to send out spam. Additionally, the number of affected routers has steadily grown in the past few months, with a potential to infect 400,000 routers. “Altogether,we have 3.37 million unique scan source IPs,” Wang said. “It is a big number, but it is likely that the IPs of the same infected devices just changed over time.”

BCMUPnP_Hunter affects routers worldwide with Broadcom’s UPnP feature enabled, but India, China, and the U.S. are among the largest targets. A fix hasn’t been reported yet to combat this latest botnet infection.

Editors' Recommendations

Topics
Chuong Nguyen
Chuong Nguyen
Former Digital Trends Contributor
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Best deal ever? Get 80% off PureVPN and an Uber Eats voucher
A close-up of a computer monitor displaying a generic VPN.

Everyone should sign up to a virtual private network, so if you're looking for VPN deals, here's one that you wouldn't want to miss -- two years plus three extra months of PureVPN's Max Plan at 80% off for just $4 per month, for a total of $108 for 27 months. That's $16 in savings per month for dependable online protection, and to top it off, you'll be getting an Uber Eats voucher worth up to $30. We're not sure how much time is remaining on this offer though, so if you're interested, you're going to have to sign up for the subscription immediately.

Why you should sign up for PureVPN Max Plan
A VPN is a necessity in this digital age because it will protect your data from being accessed by cybercriminals. It will also help you get around any geoblocking restrictions as you can have your device appear as if it's located in another part of the world. PureVPN is one of the best VPNs for these purposes, as it uses a global network of more than 6,500 servers that are located across dozens of countries.

Read more
Razer’s most boring product is also one of its best
The Razer Iskur V2 gaming chair in an office.

Razer isn't exactly known for subtlety. This is the company that released a Bane-like RGB face mask, a headset with haptic feedback, and most recently, a mouse pad that has RGB lighting from corner to corner. The Iskur V2 chair is an exercise in subtlety, however, and a change of pace that pays off for Razer in a big way.

There's nothing special about the Iskur V2 at first glance. It's a gaming chair fit with the usual racer-style back and some green trim to let you know it's a Razer product. But there are no motors promising immersive haptic feedback, and no RGB leaving you tethered to a wall outlet (yes, Razer has done both in a chair before). The Iskur V2 is just a well-designed, comfortable chair, and that's exactly why it's so impressive.
Out of the box

Read more
Best OLED monitor deals: Get an OLED screen from just $450
Marvel's Spider-Man running on the Samsung Odyssey OLED G8.

Up to a couple of years ago, OLED technology only really existed in OLED TVs and very-high-end monitors that cost thousands and thousands of dollars. Luckily, the prices have come down quite substantially, even on the best OLED monitors, especially as the market gets more saturated with options. That means that if you tend to use a monitor for the majority of your content consumption, such as gaming, then you can grab an OLED monitor for a great price and experience amazing visual fidelity and reproduction.

To that end, we've gone out and scoured all the major retailers and brands to find our favorite OLED monitor deals out there and compiled them below. That said, if you haven't quite found what you're looking for, or feel you aren't ready for an OLED monitor, be sure to check out some of these other great monitor deals.
LG UltraGear 27-inch gaming monitor -- $660, was $1,000

Read more