Don’t shoot for ‘TheMoon’: New malware takes aim at Linksys routers

If you own a Linksys router, beware: There’s a new strain of malware that’s making its way through the Internet as we speak.

The virus is called “TheMoon,” and it was discovered by some researchers at the Internet Storm Center, which makes its home at the SANS Institute, a private firm that specializes in Internet security. Hackers using the TheMoon can log into your router without actually knowing the router’s credentials. However, your Linksys router is only vulnerable to TheMoon if Remote Management Access is enabled within the hardware’s administrative settings.

Possible Linksys routers affected by TheMoon include the following models: E300, E900, E1000, E1200, E1500, E1550, E2000, E2100L, E2500, E3000, E3200, E4200, WAG320N, WAP300N, WES610N, WAP610N, WRT610N, WRT400N, WRT600N, WRT320N, WRT160N, and WRT150N. An exploit writer who goes by the alias “Rew” compiled this list, stating that these routers might be affected and that the list wasn’t necessarily a complete one.

Linksys published an official blog post where they addressed TheMoon, and included a solution on how to safeguard your Linksys router from infection. Here’s what Linksys had to say:

“Linksys is aware of the malware called The Moon that has affected select older Linksys E-series Routers and select older Wireless-N access points and routers. We will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”

Linksys recommends that, on top of disabling Remote Management Access in your router’s settings, you should also enable Filter Anonymous Internet Requests, which you can find under the Administration-Security tabs. You should also update your Linksys router’s firmware to the latest version, which you can do by clicking here, and reboot by unplugging and plugging its power cable back in once you’ve completed all the other steps.

What do you think? Sound off in the comments below.