DroneBL DDosed by DSL Modems and Routers infected by Botnet Worm
“The people who bring you the DroneBL DNS Blacklist services, while investigating an ongoing DDoS incident, have discovered a botnet composed of exploited DSL modems and routers. OpenWRT/DD-WRT devices all appear to be vulnerable. What makes this worm impressive is the sophisticated nature of the bot, and the potential damage it can do not only to an unknowing end user, but to small businesses using non-commercial Internet connections, and to the unknowing public taking advantage of free Wi-Fi services. The botnet is believed to have infected 100,000 hosts.”
Poorly configured devices that allow remote administration access from the WAN side, combined with weak passwords for root, appears to be the reason for the successful proliferation of the worm.