I just received a phone call from a ‘highly respectable’ IT company; the caller ID showed a number of 002538020308 which seemed strange considering it was a ‘London based’ company.
Anyway it seems my luck was in as the nice foreign lady wanted to help me with an outbreak of rogue viruses! Apparently they’re crashing computers in my town and mine had become infected; who’d have known but I’m glad I had found out in the nick of time!
I explained to the nice foreign lady that I used to be an IT Systems Engineer and these viruses must be super high tech as my computer seemed OK; the line suddenly went dead, leaving me scared and nervous. My computer seems OK but she did say it was INFECTED and yours may be too!
Foreign number, pidgin English and rampant rogue viruses on the prowl; be warned, folks, we live in dangerous times!
If you have received this call and then found this post by searching Google et al, yes it’s a scam and well done for not falling for it!
An interesting read on a nasty security flaw. As mentioned, change your passwords if they’re still set at their default settings; here’s why.
Default Password List
Read on about the vulnerability:
A presentation due to be shown at the Black Hat security conference at the end of the month will show that many of the routers used for residential internet connections are vulnerable to attack by hackers. The attacks would allow traffic to be redirected and intercepted, in addition to giving hackers access to victims’ local networks.
The title of the presentation, “How to Hack Millions of Routers,” gives a clear indication of the scale of the potential issues. Popular router models from Netgear, Linksys, and Belkin were found to be vulnerable, including models used for Verizon’s FIOS and DSL services, as were widely-used third-party firmwares such as DD-WRT and OpenWrt. About half the routers tested did not appear to be vulnerable.
A list of tested routers can be found here; every router with a “YES” in the last column was successfully attacked.
The research was done by Maryland-based security consultancy Seismic. Craig Heffner, a researcher with the company, will both present the research at Black Hat and release a proof-of-concept tool to demonstrate the problem in practice. Heffner believes this is the best way to get router manufacturers to release firmware updates to fix the issue.
In the meantime, the best defense is probably to ensure that your router does not use the default password. Though this can’t guard against exploitation of actual flaws in the router’s software, it will at least prevent trivial attacks from being made. Changing the router’s IP address away from its typical default might also serve as some protection; though the attack could be used to target any IP address on a local network, a little obscurity tends to work well against widely targeted attacks.
This is what Engadget had to say on the matter today:
Cisco and company, you’ve got approximately seven days before a security researcher rains down exploits on your web-based home router parade. Seismic’s Craig Heffner claims he’s got a tool that can hack “millions” of gateways using a new spin on the age-old DNS rebinding vulnerability, and plans to release it into the wild at the Black Hat 2010 conference next week. He’s already tested his hack on thirty different models, of which more than half were vulnerable, including two versions of the ubiquitous Linksys WRT54G (pictured above) and devices running certain DD-WRT and OpenWRT Linux-based firmware. To combat the hack, the usual precautions apply — for the love of Mitnick, change your default password! — but Heffner believes the only real fix will come by prodding manufacturers into action. See a list of easily compromised routers at the more coverage link.