Another day, another malware attack. ZDNet is reporting that a modified version of Gafgyt is targeting WiFi routers in a rather aggressive fashion.
The malware in question has a long history of targeting known vulnerabilities in popular home and small-office routers. Once compromised, the routers become part of a botnet for use in distributed denial of service (DDoS) attacks-for-hire. The latest version of the malware has been updated to target three wireless routers: the Huawei HG532, Realtek RTL81XX and the Zyxel P660HN-T1A.
Because Gafgyt’s purpose is to build a botnet powerful enough to generate income through paid attacks, the malware’s creators have programmed it to seek and destroy competing malware on any devices it infects.
Researchers at Palo Alto Networks have been studying the malware and provided ZDNet with more information about how it works.
“The authors of this malware want to make sure their strain is the only one controlling a compromised device and maximizing the device’s resources when launching attacks,” said Asher Davila, security researcher at the Palo Alto Networks Unit 42 research division.
“As a result, it is programmed to kill other botnet malware it finds, like JenX, on a given device so that it has the device’s full resources dedicated to its attack.”
Because most of the vulnerable routers are relatively old—by technology standards—most trouble can be avoided by upgrading to a newer model or, at the very least, updating the router’s software.
“In general, users can stay safe against botnets by getting in the habit of updating their routers, installing the latest patches and implementing strong, unguessable passwords,” Davila explained.
“The more frequent the better, but perhaps for simplicity, consider timing router updates around daylight savings, so at least you’re updating twice a year.”