
    TrendLabs is currently taking a look at an interesting .ELF file that is actually an IRC backdoor program. We initially found some code suggesting that it performs brute-force attacks on router user name-password pairs.

    This malware is predominantly found in Latin America, but we are also checking the extent of infection in other regions. The attacks work against D-Link routers, though we are still verifying whether they work on others.

    An infected system also connects to a botnet on IRC servers and is capable of receiving and executing commands. Trend Micro detects the offending code as ELF_TSUNAMI.R. Analysis is ongoing and we will be posting updates as new information is found.

    There was an old attack in 2008 that targeted routers in Mexico, which we blogged about in the entry “Targeted Attack in Mexico: DNS Poisoning via Modems.”

    Update as of March 11, 2011, 6:08 AM Pacific Time

    • ELF_TSUNAMI.R is MIPS-based (Microprocessor without Interlocked Pipeline Stages), a processor architecture typically used in small devices such as routers. How an attacker would be able to drop the file onto a router is not yet determined, but it is possible that the .ELF file is just one component of a much bigger threat.
    • It exploits a vulnerability that affects certain D-Link routers. Successful exploitation of this vulnerability grants a remote attacker complete administrative access to the affected router.
    • It is also capable of disabling the firewall of the affected router by executing the command /etc/firewall_stop.
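
For triage, the MIPS target noted above can be confirmed from the ELF header alone, without running the file. The following is an added example, not code from the original post or from TrendLabs; the sample headers are constructed for illustration and are not taken from ELF_TSUNAMI.R. It reads e_machine with the byte order declared in e_ident, because a fixed little-endian read misclassifies big-endian MIPS binaries.

```python
import struct

EM_MIPS = 8  # e_machine value assigned to MIPS in the ELF specification


def elf_triage(data: bytes) -> dict:
    """Return word size, byte order and machine type from an ELF header."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("corrupt e_ident")
    # e_type and e_machine follow the 16-byte e_ident and use the file's byte order.
    order = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack_from(order + "HH", data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "type": e_type,
        "machine": e_machine,
        "is_mips": e_machine == EM_MIPS,
    }


def naive_machine(data: bytes) -> int:
    """Deliberately wrong: always reads e_machine as little-endian."""
    return struct.unpack_from("<H", data, 18)[0]


def _sample_header(ei_data: int, machine: int) -> bytes:
    # Constructed 32-bit header prefix (e_ident, e_type=ET_EXEC, e_machine).
    ident = b"\x7fELF" + bytes([1, ei_data, 1]) + b"\x00" * 9
    order = "<" if ei_data == 1 else ">"
    return ident + struct.pack(order + "HH", 2, machine)


SAMPLES = {
    "mips_be": _sample_header(2, EM_MIPS),  # big-endian MIPS
    "mipsel": _sample_header(1, EM_MIPS),   # little-endian MIPS
    "x86": _sample_header(1, 3),            # EM_386, for contrast
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, elf_triage(blob), "naive e_machine:", naive_machine(blob))
```
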



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice