Indevtech Blog

What is a Router Botnet? Find Out Today!

Ordinarily, one of the best ways to protect your organization’s infrastructure is to apply patches for the software you use as soon as possible after they’ve been released. However, patches don’t help against threats that haven’t been discovered by the time the patches are released. The recent spread of the BCMUPnP_Hunter botnet shows that it’s not enough for people to keep patching their systems.

Threat Background
This botnet was initially discovered in September. Since then, it has infected devices to support a huge spam email campaign. BCMUPnP_Hunter is able to zero in on victims by scanning for potential targets, such as routers with the Broadcom Universal Plug and Play (UPnP) feature enabled. The hacker can then take over the system.

It is assumed that the network created by BCMUPnP_Hunter was built to send out spam emails. The threat creates a proxy that communicates with email servers, allowing attackers to use botnets to generate profit through fraudulent clicks. What’s more, the malware seems to have been created by someone with a considerable amount of skill. To make things worse, BCMUPnP_Hunter also appears to scan from over 100,000 sources, making this botnet quite large.

How Does This Prove That Patches Aren’t Working?
In order for BCMUPnP_Hunter to work as intended, it must target devices that have Broadcom UPnP enabled to take advantage of a vulnerability. The thing is that this vulnerability has been patched since 2013, when it was first discovered, meaning that most manufacturers have issued a patch since then. Therefore, the majority of devices being used by this threat are those that haven’t been patched for one reason or another.

The Lesson Learned
A simple lesson can be learned here. It goes to show that any equipment on your infrastructure that’s not maintained could be putting your business at risk. This includes making sure that you implement patches and security updates as soon as they are released. Of course, they aren’t always broadcast to the public--after all, who would want to admit that the product they have created is vulnerable to attack, and that the vulnerability is being exploited? As a business owner, it’s your responsibility to keep up with the latest threats.

Granted, not all business owners have the time or luxury to focus on something like this. For those who want to minimize the threat posed by vulnerabilities, give the IT professionals at Indevtech a call at (808) 529-4605.



Monday, January 21 2019