Hacker infects 100K routers in latest botnet attack aimed at sending email spam

Linksys WRT3200 ACM router review
Bill Roberson/Digital Trends

A hacker managed to exploit a five-year-old vulnerability in home routers to create a botnet affecting approximately 100,000 home routers. The botnet was initially discovered in September by researchers from the Netlab team at Qihoo 360, a Chinese internet security company, and it’s likely that the hacker is leveraging this network of compromised routers to send spam emails.

The botnet was built on a 2013 vulnerability on Broadcom’s UPnP SDK. This SDK, which is used on numerous routers, allows an attacker to conduct a remote attack and execute malicious code without requiring any authentication. “It’s the worse kind of vulnerability that exists in the world of Internet-connected devices,” ZDNet reported.

Though this latest botnet, which is known as BCMUPnP_Hunter, isn’t the first to exploit this vulnerability, it is the first to use what appears to be new source code to infect routers. Most Internet of Things botnets today use code that has been leaked online to carry out their attacks, but researchers claim that they have not seen similar code to that used on BCMUPnP_Hunter, suggesting that the hacker is authoring new code for the attack. Prior to BCMUPnP_Hunter, a widely reported Russian malware had infected routers worldwide, prompting the FBI to issue a warning to consumers to reset their routers.

In carrying out the attack, Netlab security researcher Hui Wang said in a blog post that the bot “has to go through multiple steps to infect a potential target.”

A proxy is able to communicate with popular mail servers, such as Outlook, Hotmail, and Yahoo! Mail. Because of this, Wang’s team believes that the attacker is using the botnet to send out spam. Additionally, the number of affected routers has steadily grown in the past few months, with a potential to infect 400,000 routers. “Altogether,we have 3.37 million unique scan source IPs,” Wang said. “It is a big number, but it is likely that the IPs of the same infected devices just changed over time.”

BCMUPnP_Hunter affects routers worldwide with Broadcom’s UPnP feature enabled, but India, China, and the U.S. are among the largest targets. A fix hasn’t been reported yet to combat this latest botnet infection.

Computing

Apple discontinues AirPort Extreme, Time Capsule as it exits Wi-Fi router business

Apple is now officially no longer in the router business. The company had already stopped selling the AirPort Express, and now its retail stores and websites have stopped offering the AirPort Extreme and Time Capsule.
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Gaming

Your PlayStation 4 game library isn't complete without these games

Looking for the best PS4 games out there? Out of the massive crop of titles available, we selected the best you should buy. No matter what your genre of choice may be, there's something here for you.
Gaming

Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

Security researcher Artem Moskowsky discovered a Steam bug that allowed him to generate infinite free keys for any game. Instead of abusing the exploit, Moskowsky reported it to Valve, which gave him a $20,000 reward.
Computing

Turn your iPad into a display for your new Mac Mini with this workaround

The folks at Luna Display have figured out a workaround which lets you get the best of both worlds and use Wi-Fi and an adapter in order to turn your iPad into a display for the 2018 Mac Mini.
Computing

Latest SMS breach could allow hackers access to your online accounts

A new security breach that exposed more than 26 million text messages could be a huge nightmare for users relying on two-factor authentication. Many of the SMS on the database contained security codes and account reset links.
Computing

Microsoft’s Windows 10 Mail client goes freemium with the introduction of ads

Microsoft Windows Insiders are finding a nasty surprise inside the Mail app on the latest Windows 10 preview build in the form of banner ads. These ads will appear in the Mail app regardless of the webmail service you use.
Computing

All the best Apple MacBook deals for Black Friday 2018

Shoppers looking for a new Apple laptop could find huge savings on a new MacBook come Black Friday. Retailers are offering discounts as much as $650 on select MacBook, MacBook Air, and MacBook Pro models this holiday season.
Computing

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Computing

PDF to JPG conversion is quick and easy using these simple methods

Converting file formats can be an absolute pain, but it doesn't have to be. We've put together a comprehensive guide on how to convert a PDF to JPG, no matter which operating system you're running.
Computing

Crypto hangover could take blame for Nvidia’s potential GeForce RTX 2060 delay

Nvidia's delay in announcing a ship date for its GeForce RTX 2060 GPU could be due to a burst in the cryptocurrency mining bubble. Executives blamed the crypto hangover for an oversupply of inventory on existing GTX 1060 cards,
Computing

Save $900 on the ThinkPad X1 Carbon and more with Lenovo’s Cyber Monday sales

In the latest set of holiday sales, Lenovo is heavily discounting its fifth-generation ThinkPad X1 Carbon and other popular Windows laptops and 2-in-1s for the holiday shopping season.
Computing

Want to make one hard drive act like two? Here's how to partition in Windows

If you don't want all of your files stored in one place but only have one drive to work with, partitioning is your best way forward. Here's how to partition a hard drive in Windows 10, step by step.
Computing

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up speech-to-text in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.