Contact us today!
(808) 529-4605

Indevtech Blog

What is a Router Botnet? Find Out Today!

What is a Router Botnet? Find Out Today!

Ordinarily, one of the best ways to protect your organization’s infrastructure is to make sure any and all patches administered to the software you use are applied as soon as possible after they’ve been released. However, patches don’t help against threats that aren’t discovered at the moment they are released. The recent spread of BCMUPnP_Hunter botnet shows that it’s not enough for people to keep patching their systems.

Threat Background
This botnet was initially discovered in September. Since then, it has infected devices to support a huge spam email campaign. BCMUPnP_Hunter is able to zero-in on victims thanks to its ability to scan for potential targets, like routers with the BroadCom University Plug and Play feature enabled. The system can then be taken over by the hacker.

It is assumed that the network created by BCMUPnP_Hunter was created to send out spam emails. The threat creates a proxy that communicates with email servers, allowing attackers to use botnets to generate profit through fraudulent clicks. What’s more is that the malware seems to have been created by someone who has a considerable amount of skill. To make things worse is that BCMUPnP_Hunter also appears to scan from over 100,000 sources, making this botnet quite large.

How Does This Prove That Patches Aren’t Working?
In order for BCMUPnP_Hunter to work as intended, it must target devices that have BroadcomUPnP enabled to take advantage of a vulnerability. The thing is that this vulnerability has been patched since 2013 when it was first discovered, meaning that most manufacturers have issued a patch since then. Therefore, the majority of devices being used by this threat are those that haven’t been patched for some reason or another.

The Lesson Learned
A simple lesson can be learned here. It goes to show that any equipment on your infrastructure that’s not maintained could be putting your business at risk. This includes making sure that you implement patches and security updates as soon as they are released. Of course, they aren’t always broadcast to the public--after all, who would want to admit that the product they have created is vulnerable to attack, and that the vulnerability is being exploited? As a business owner, it’s your responsibility to keep up with the latest threats.

Granted, not all business owners have the time or luxury to focus on something like this. For those who want to minimize the threat posed by vulnerabilities, give the IT professionals at Indevtech a call at (808) 529-4605.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, March 22 2019

Captcha Image

Request a Consultation

Request a
Network Consultation

How secure is your IT infrastructure?
Let us evaluate it for you!

Contact Us!

Free Consultation

Tag Cloud

Tip of the Week Security Technology Best Practices Privacy Cloud Business Computing Google Hackers Hosted Solutions Malware Backup Internet Innovation Network Security User Tips Mobile Devices Microsoft Software Windows 10 Data Smartphones Productivity Efficiency Email Hardware Workplace Tips Business Browser Tech Term VoIP Productivity communications Business Continuity Computer Smartphone Disaster Recovery IT Services Ransomware Miscellaneous Business Management Android Data Backup Cybercrime Windows Cloud Computing Alert Server Network Outsourced IT Chrome Office Automation Data Recovery Quick Tips Telephone Systems Windows 10 Artificial Intelligence Managed IT Services Computers Managed IT Services Router Save Money Internet of Things Communication Upgrade Money Small Business Law Enforcement Collaboration IT Support Health Cybersecurity Virtualization Social Media Facebook Gadgets Spam Social Engineering Applications Operating System Wi-Fi Office 365 Password Office Tips Passwords How To Mobile Device App Holiday Work/Life Balance Bandwidth Information Bring Your Own Device Two-factor Authentication Gmail Mobile Device Management Settings Google Drive BDR History Remote Computing Private Cloud Encryption Word Application Meetings Recovery Flexibility Scam Microsoft Office Paperless Office Voice over Internet Protocol Managed Service Vulnerability Safety Data Protection Mobility Connectivity Apps Entertainment Marketing Keyboard Mouse Managed Service Provider Data Breach Sports Networking Data Security HaaS Data Management Hacking Phishing VPN IT Support Servers Patch Management Downtime USB IT Plan Website Telephony Remote Monitoring Physical Security YouTube Windows 7 Data storage CES Business Intelligence End of Support Saving Money Identity Theft Training Managed IT Infrastructure eWaste Unsupported Software Software as a Service Update Virtual Assistant The Internet of Things PDF Botnet Content Management Internet Exlporer OneNote Machine Learning Big Data Best Practice Telephone System Electronic Medical Records DDoS Redundancy Legal Blockchain Mobile Computing Fraud Charger User Error BYOD Battery Robot Access Control Black Market Retail Data Storage Save Time Avoiding Downtime Firewall Employer-Employee Relationship Wearable Technology Cleaning Comparison IT Management Google Docs Government Social Hiring/Firing Augmented Reality Spam Blocking Budget Human Resources Cryptocurrency Public Cloud Criminal Network Congestion Tech Support Google Search HBO Specifications Computing Infrastructure Customer Relationship Management Remote Work Nanotechnology Rootkit Warranty FENG Value Document Management IBM Security Cameras How to Practices Employer Employee Relationship Netflix Remote Worker Windows 10s Touchpad Workers Help Desk Data loss Scalability Staff Safe Mode Two Factor Authentication webinar Business Technology Hybrid Cloud Online Shopping Addiction Risk Management Assessment HVAC IT Consultant Running Cable Shadow IT Proactive IT Outlook Customer Service Smart Tech Printer Troubleshooting Supercomputer Hacker Apple Social Networking Hosted Computing Computer Accessories Streaming Media Wiring Skype Shortcut Screen Mirroring Instant Messaging Conferencing Biometric Security Flash Evernote Cache Politics Television Monitor IT solutions Enterprise Content Management Transportation Samsung Net Neutrality Frequently Asked Questions Millennials Internet exploMicrosoft Users Fax Server Credit Cards Vendor Management Lithium-ion battery Administrator Password Manager Environment Smartwatch Software Tips Multi-Factor Security iPhone Inventory Bluetooth Unified Threat Management Solid State Drive Start Menu Shortcuts Cast Computer Care Relocation Digital Signature Emails NarrowBand MSP Information Technology Wireless Charging Wireless Internet Public Computer Travel Reputation Password Management Benefits Leadership ISP Excel Workforce Advertising Virtual Reality Devices Content Microchip Business Mangement Books Current Events Uninterrupted Power Supply Employee Trending Camera Audit Tools Techology People Vendor WiFi Humor Accountants Distributed Denial of Service Wireless Technology File Sharing Sync Going Green Maintenance Cortana Wire Experience Root Cause Analysis Customers HIPAA NIST Cryptomining Tip of the week Telecommuting Worker Commute Amazon Thought Leadership Audiobook SaaS Search Engine Recycling Emergency Knowledge Digital Signage Files Education Authentication Worker Computer Fan Music Automobile Mobile Office Display Search Chromecast Laptop Wireless Google Apps Smart Office Bing Video Games Smart Technology Database Windows Server 2008 Programming Biometrics Amazon Web Services Notifications CrashOverride Company Culture Thank You Compliance Webinar Managing Stress Congratulations Printers Regulation IT solutions Twitter