Modem targeting Malware

As if there weren’t enough things to worry about as it is, a new set of malware has been discovered that targets the lightweight operating system of select cable modems!

This malware, called LuaBot, has been quite active lately targeting IoT devices with Linux based OS’s in order to create large botnets. These botnet’s, or a network of compromised devices, have then been used to perform Distributed Denial of Service (DDoS) attacks on different organizations. LuaBot is also capable of many other malicious activities such as obtaining certificates and configuration files and remote access.

Late last year, researchers discovered several vulnerabilities within ARRIS cable modems (read more here) but recent research shows that LuaBot specifically targets DOCSIS 3.0 cable modems with the Puma 5 (ARM/Big Endian) chipset. One of the more popular modems with this chipset is the ARRIS TG862 family of devices.

At this point it is believed that the only purpose of this attack on a modem is to add the device to a botnet for DDoS attacks. However, if your modem becomes compromised then your could experience slow connections speeds since the modem itself would be using up the bandwidth.

If you are interested in reading more about LuaBot and the specifics of how it can infect your modem, check out this excellent article here.

The only real way to defend against this type of attack is to ensure that all of your devices are updated regularly. This can be tricky to do with modems and routers if you are unfamiliar with them and in many cases, they are the property of your service provider. Routers vary a great deal but if you are able to log in to the user interface you can usually check to see if it has the latest firmware and updates. Modems don’t tend to have an interface to log in to but, for the most common modems, you can usually check the firmware version by typing 192.168.100.1 into your address bar. For many, no username or password is required since it will only display the version information. Some modems vary a bit and do require an admin password, so check out this list for your modem to get the proper info.

Once you have the version info for your device, you can check to see if you need to update on the manufacturers website or by calling your service provider if you are leasing one of their devices.

Leave a Reply

Your email address will not be published. Required fields are marked *