The following routers may be vulnerable depending on firmware version: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000,E900
A malicious new worm has been detected in more than 1,000 Linksys home and small-office routers, according to researchers at the SANS Institute of Bethesda, Md.
Nicknamed “TheMoon” because its code includes HTML pages referring to the 2009 science-fiction movie “Moon,” the worm seems to do little more than spread from router to router. However, it does appear to be able to connect to a command-and-control server, from which an attacker could manipulate the compromised systems.
“We do not know for sure if there is a command-and-control channel yet,” wrote security researcher Johannes Ullrich in a blog post on the SANS Institute’s website. “But the worm appears to include strings that point to a command-and-control channel.”
The good news is that a simple router reboot will get rid of the worm, and turning off any remote-administration feature in your router’s settings will prevent the worm from being able to attack in the first place. Many routers have remote administration activated by default.
So far, only Linksys’ “E” product line, which includes the E900, E2000, E3200 and E4200 models, has been shown to be affected. Devices that have upgraded to the latest firmware, 2.0.06, should be safe, but some earlier models whose support has expired, such as the E1000, can’t get that upgrade.