Skip to main content
  1. Home
  2. Computing
  3. News

Hacker infects 100K routers in latest botnet attack aimed at sending email spam

Add as a preferred source on Google
Linksys WRT3200 ACM router review
Bill Roberson/Digital Trends

A hacker managed to exploit a five-year-old vulnerability in home routers to create a botnet affecting approximately 100,000 home routers. The botnet was initially discovered in September by researchers from the Netlab team at Qihoo 360, a Chinese internet security company, and it’s likely that the hacker is leveraging this network of compromised routers to send spam emails.

The botnet was built on a 2013 vulnerability on Broadcom’s UPnP SDK. This SDK, which is used on numerous routers, allows an attacker to conduct a remote attack and execute malicious code without requiring any authentication. “It’s the worse kind of vulnerability that exists in the world of Internet-connected devices,” ZDNet reported.

Recommended Videos

Though this latest botnet, which is known as BCMUPnP_Hunter, isn’t the first to exploit this vulnerability, it is the first to use what appears to be new source code to infect routers. Most Internet of Things botnets today use code that has been leaked online to carry out their attacks, but researchers claim that they have not seen similar code to that used on BCMUPnP_Hunter, suggesting that the hacker is authoring new code for the attack. Prior to BCMUPnP_Hunter, a widely reported Russian malware had infected routers worldwide, prompting the FBI to issue a warning to consumers to reset their routers.

In carrying out the attack, Netlab security researcher Hui Wang said in a blog post that the bot “has to go through multiple steps to infect a potential target.”

A proxy is able to communicate with popular mail servers, such as Outlook, Hotmail, and Yahoo! Mail. Because of this, Wang’s team believes that the attacker is using the botnet to send out spam. Additionally, the number of affected routers has steadily grown in the past few months, with a potential to infect 400,000 routers. “Altogether,we have 3.37 million unique scan source IPs,” Wang said. “It is a big number, but it is likely that the IPs of the same infected devices just changed over time.”

BCMUPnP_Hunter affects routers worldwide with Broadcom’s UPnP feature enabled, but India, China, and the U.S. are among the largest targets. A fix hasn’t been reported yet to combat this latest botnet infection.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Gemini can make sense of the world around you, but don’t let it observe your children just yet
AI can spot what a child is doing, but figuring out what it means still takes a human expert
Kid using an iPad

Google's Gemini models are becoming remarkably good at understanding videos, images, and conversations. A new study shows AI can even identify subtle behaviors in parent-child interactions with impressive accuracy. But here's the catch: while Gemini can reliably observe what is happening, researchers say it should not be trusted to decide what those behaviors actually mean.

Worth noting is that the study used Gemini 2.5 Pro, which is not Google's most advanced AI. That means future models could improve the results even further. Even so, the researchers argue that human experts remain essential.

Read more
Satechis’s color-matched MacBook Neo accessories are just too pretty to ignore
If you wish Apple made peppy accessories for its budget laptop, Satechi heard your prayers without charging you a bomb for it.
Satechi MacBook Neo accessories

Satechi, which makes some fantastic charging and PC peripherals, has just launched a whole bunch of accessories targeted at the MacBook Neo. But instead of making them boring and drab, the company has actually color-matched them to the exact shade that you get on Apple's budget-centric laptop. The offerings on the table include a multi-port adapter, a USB-C snap hub, and a wireless mouse, and all of them are now available to buy starting at $29.99 from Satechi's website and Amazon. Color options that are up for grabs include Citrus, Blush, Indigo, and Silver

Satechi OntheGo 5-in-1 Multiport Adapter ($44.99)

Read more
ChatGPT’s hiking advice left two hikers stranded on a mountain in Poland
The chatbot directed the pair onto a climbing route neither had the skills to finish, and it's not the first time AI has sent travelers somewhere they shouldn't have gone.
Bag, Clothing, Coat

A shortcut recommended by ChatGPT left two hikers stuck on a mountain face in Poland this month, and they needed a helicopter to get back down. It's the latest case of an AI chatbot steering travelers toward routes it has no real way to evaluate.

ChatGPT's shortcut led straight to a dead end

Read more