
PC World Forums: Nasty New Worm Targets Home Routers, Cable Modems - PC World Forums


#1 PCWorld

Posted 25 March 2009 - 07:36 AM

Post your comments for Nasty New Worm Targets Home Routers, Cable Modems here

#2 pj80226

Posted 25 March 2009 - 01:07 PM

Why are the 55 models not listed?

#3 Envergure

Posted 25 March 2009 - 01:25 PM

I agree with PJ

#4 grunjee

Posted 25 March 2009 - 01:27 PM

Probably because there are 55 of them...

#5 SimonL

Posted 26 March 2009 - 04:36 AM

Well, the 55 models of routers are mostly the ones with programmable interfaces, kind of most of the new models. As a point, besides changing the default password, try not to use something easy (like simple words, a short string of consecutive numbers, or the same number repeated only a few times), and try to disable the UPnP function on the router and web access to it.

#6 publicmenace

Posted 26 March 2009 - 08:30 AM

Thanks for the tips, SimonL. I opened my router's interface and found that I had "Remote Management" disabled but UPnP enabled, so I disabled that.
Trouble is, many ordinary users won't bother to do any of these steps or won't be able to figure out how to do them. Most people can't be bothered to apply secure configurations or best practices to their computer equipment because they feel it's too cumbersome, inconvenient or confusing to do so. Also, it's a fear of "breaking" something.
Thus, botnets are born.

#7 AS440

Posted 26 March 2009 - 09:49 AM

After checking with Netgear technical telephone support, I was informed that Netgear routers (mine is a WGR614 v6) will not allow the user name to be changed from the manufacturer's default name "admin."

#8 publicmenace

Posted 26 March 2009 - 10:53 AM

"WGR614 v6) will not allow the user name to be changed from the manufacturer's default name 'admin.'" That's cold. Make sure that you generate a really obscure password full of a combination of uppercase, lowercase and numeric characters.

#9 ggand4

Posted 26 March 2009 - 02:44 PM

You're right, they didn't mention the 55 router brands, but FYI... here's the list of almost all the router brands... click here: http://www.mysimon.c...-11605_8-0.html

#10 Kinman

Posted 26 March 2009 - 07:24 PM

I have the same concern as public.
The remote access option in my router is disabled (and there's no reason to enable it anyway, I don't need to access my router from outside), but this worm can access the router anyway? In other words, this worm can access the private LAN from outside?
I like UPnP though, very convenient, don't need to forward ports manually. But I also like software like BitComet that can take back the UPnP setting when I close the program, so the setting won't stay forever.

#11 Scunnerous

Posted 26 March 2009 - 11:16 PM

Worth noting that all the devices which are vulnerable use the "mipsel" CPU, which is the MIPS32 chip, set for little endian mode. Those are usually an embedded design such as the Broadcom BCM5352 chipset used in many G routers. There's a whole family of Broadcom chipsets which are code compatible which is why there are so many affected devices.

#12 SimonL

Posted 27 March 2009 - 02:11 AM

I think that having the web interface disabled is good but is not enough if the worm attacks the LAN side, so that's why I suggested disabling UPnP; that's the programmable interface of the router. As far as an antivirus or firewall is concerned, they really don't block access to the default gateway of the network (unless specified), and so your router might get hijacked to do the bidding of the botnet.

The real problem arises only as a traffic jam or busting the limit of your connection, if you have one, and, as mentioned, it can sniff the traffic from your network to the internet and the reverse for personal information.

#13 rss2

Posted 27 March 2009 - 04:13 AM

What does the UPNP / UPnP function or capability do?

Thanks,

Sandy

#14 rss2

Posted 27 March 2009 - 03:10 PM

I was told today by a Senior Tech at Linksys that the worm arriving on April 1st does not have an effect on UPnP. I do not know whether it does or doesn't.

#15 Marcomike

Posted 28 March 2009 - 06:51 AM

OK, fine, you've told us about the routers, but what are the effects on DSL modems? And what models of modems are affected?

#16 SimonL

Posted 29 March 2009 - 03:19 AM

Well, 2 items in reply...

Modems shouldn't be affected by the worm, as most of them have little to do other than merely establish the dial-up connection, so modems should be safe.

Second, UPnP is the automated script interface that allows programs to set the necessary access through the router to the exterior (something like automatically setting up the firewall on the router to receive incoming traffic). Hence, this is one of the easier ways for any type of trojan, virus, etc. to ensure incoming traffic from the internet, and so turning off this feature and enabling a firewall rule for each and every application is safer, not only in this case but as a security feature overall (as well as turning off the UPnP service in Microsoft® Windows OS).
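
Added example, not part of the original thread: a check of the port mappings that programs have opened on a router through UPnP, as discussed in the posts above, flagging mappings that never expire or that point somewhere unexpected. The SOAP replies are constructed samples in the shape of UPnP IGD `GetGenericPortMappingEntry` responses; `KNOWN_HOSTS` and `ADMIN_PORTS` are assumed values for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: SOAP bodies shaped like UPnP IGD
# GetGenericPortMappingEntry responses. No real device was queried.
TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse '
    'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
    "<NewProtocol>{proto}</NewProtocol><NewInternalPort>{iport}</NewInternalPort>"
    "<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
    "<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
    "<NewLeaseDuration>{lease}</NewLeaseDuration>"
    "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
)
SAMPLE = [
    TEMPLATE.format(ext=16881, proto="TCP", iport=16881,
                    client="192.168.1.20", desc="p2p client", lease=3600),
    TEMPLATE.format(ext=6881, proto="UDP", iport=6881,
                    client="192.168.1.20", desc="p2p client", lease=0),
    TEMPLATE.format(ext=8080, proto="TCP", iport=80,
                    client="192.168.1.77", desc="unlabelled", lease=0),
]
KNOWN_HOSTS = {"192.168.1.20", "192.168.1.21"}  # assumed LAN inventory
ADMIN_PORTS = {22, 23, 80, 443, 8080}           # assumed management ports

def parse_mapping(soap_xml):
    """Return the New* fields of one response, keyed without the prefix."""
    root = ET.fromstring(soap_xml)
    return {el.tag[3:]: (el.text or "")
            for el in root.iter() if el.tag.startswith("New")}

def audit(mapping):
    """List the reasons a mapping deserves a second look."""
    findings = []
    if mapping["Enabled"] != "1":
        return findings
    if int(mapping["LeaseDuration"]) == 0:  # 0 = no expiry in IGD v1
        findings.append("permanent lease")
    if mapping["InternalClient"] not in KNOWN_HOSTS:
        findings.append("unknown internal client")
    if int(mapping["InternalPort"]) in ADMIN_PORTS:
        findings.append("management port exposed")
    return findings

def audit_all(responses):
    """Map 'PROTO/external-port' to the findings for that mapping."""
    parsed = [parse_mapping(r) for r in responses]
    return {f'{m["Protocol"]}/{m["ExternalPort"]}': audit(m) for m in parsed}

if __name__ == "__main__":
    for key, findings in audit_all(SAMPLE).items():
        print(key, findings or "ok")
```
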
