
Your Router is probably a Zombie in the Botnet

Your office is protected by enterprise-grade security. What about your home? Despite your best efforts to keep things under control, the truth is that you probably don't have it under control. It's not your fault.
Most routers are not secure out of the box. Vulnerable firmware is a common target, and backdoors have been found in almost every router brand. To make matters worse, think about how many devices are still "secured" with the default admin/admin login. You may not be one of those users, but there are many.
It’s almost as if we don’t even try — and some people have noticed.
What are botnets?
Botnets are networks of compromised internet-connected devices. Botmasters or botherders are the people who build botnets to carry out nefarious tasks: in the terminology of cybersecurity professionals, malicious actors.
Devices become zombies when they are infected with malware, which can happen when a user opens a suspicious email attachment or visits the wrong site. Malware is malicious code designed to exploit a specific vulnerability, so a botnet is usually made up of one type of device, whatever the malware was written for.
Malicious actors may not combine their hordes to launch an attack, but the code is purpose-built: we have seen botnets of IP cameras, Linux botnets and Android botnets in the recent past. Windows is a large target because of its sheer install base, and so are routers.
What does a hacker get from a humble router? A router is a small computer that runs a lightweight Linux. It turns out that even low-power devices can cause a lot of damage when used in large numbers.
You may not even realize your device has been infected. Malicious actors rarely take full control of a machine, and they may not try to steal your files and personal data at all. Instead, infected devices donate their resources (computing power, storage and, above all, their IP addresses) to the botnet, which is directed from a command and control (C&C) server.
How botnets attack
A botnet is used for whatever purpose the person who controls it intends. One cybersecurity firm set up a honeypot and watched a botnet infiltrate the system, create backdoors, dump passwords, and so on; later, a human operator appeared and exfiltrated 3GB of (junk) data using Turbomailer. That is not the common scenario. Most often botnets mine cryptocurrency, carry out distributed denial-of-service (DDoS) and amplification attacks, and validate lists of usernames and passwords.
DDoS and amplification attacks overwhelm their targets with a huge burst of traffic generated by hundreds or thousands of devices. Security journalist Brian Krebs described a 665 Gbps attack against his site; that is 665 gigabits every second, far more than a typical site's upstream connection can absorb.
Credential-stuffing attacks take usernames and passwords stolen from one website and try them against another website's login. Malicious actors hunt for these because most people reuse the same password across sites. Rather than alerting a financial institution with a noisy brute-force attack, they try each username/password pair once; if it works, they are in, and if it doesn't, they move on.
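The difference between credential stuffing and brute force shows up clearly in login logs, and it is worth having detection logic that tells them apart. The following is an added example written for this article, not code from the original post: it assumes a constructed, whitespace-separated log format (timestamp, source IP, username, FAIL or SUCCESS), classifies each source IP by whether its attempts are spread across many usernames (stuffing) or piled onto one (brute force), and lists the accounts that were successfully logged into from a stuffing source, which are the ones to force a password reset on.

```python
"""Telling credential stuffing apart from brute force in login logs.

Added example, not code from the original article. It assumes a constructed
log format of one login attempt per line:
    <timestamp> <source-ip> <username> <FAIL|SUCCESS>
"""
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Constructed sample input: one stuffing source (many users, one try each),
# one brute-force source (one user, many tries) and one ordinary user.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 203.0.113.7 alice FAIL
2024-03-01T10:00:02Z 203.0.113.7 bob FAIL
2024-03-01T10:00:03Z 203.0.113.7 carol SUCCESS
2024-03-01T10:00:04Z 203.0.113.7 dave FAIL
2024-03-01T10:00:05Z 203.0.113.7 erin FAIL
2024-03-01T10:00:06Z 203.0.113.7 frank FAIL
2024-03-01T10:01:00Z 198.51.100.9 admin FAIL
2024-03-01T10:01:01Z 198.51.100.9 admin FAIL
2024-03-01T10:01:02Z 198.51.100.9 admin FAIL
2024-03-01T10:01:03Z 198.51.100.9 admin FAIL
2024-03-01T10:01:04Z 198.51.100.9 admin FAIL
2024-03-01T10:01:05Z 198.51.100.9 admin FAIL
2024-03-01T10:02:00Z 192.0.2.3 alice FAIL
2024-03-01T10:02:10Z 192.0.2.3 alice SUCCESS
"""


@dataclass
class SourceStats:
    """Login activity seen from one source IP."""
    attempts: int = 0
    successes: int = 0
    per_user: Counter = field(default_factory=Counter)
    succeeded_users: set = field(default_factory=set)

    @property
    def distinct_users(self):
        return len(self.per_user)


def parse_line(line):
    """Return (ip, user, success) or None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("FAIL", "SUCCESS"):
        return None
    return parts[1], parts[2], parts[3] == "SUCCESS"


def summarize(log_text):
    """Aggregate the log into a dict of source IP -> SourceStats."""
    stats = defaultdict(SourceStats)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, user, ok = rec
        s = stats[ip]
        s.attempts += 1
        s.per_user[user] += 1
        if ok:
            s.successes += 1
            s.succeeded_users.add(user)
    return dict(stats)


def label(s, min_attempts=5, spread=0.8):
    """Classify one source.

    Credential stuffing: attempts spread over many usernames, about one try
    each (the attacker already holds a candidate password per user).
    Brute force: attempts concentrated on a single username.
    Thresholds are illustrative assumptions, not values from the article.
    """
    if s.attempts < min_attempts:
        return "normal"
    if s.distinct_users / s.attempts >= spread:
        return "credential_stuffing"
    if max(s.per_user.values()) >= min_attempts:
        return "brute_force"
    return "normal"


def classify(log_text, **kw):
    """Map each source IP in the log to its label."""
    return {ip: label(s, **kw) for ip, s in summarize(log_text).items()}


def compromised_accounts(log_text):
    """Usernames that logged in successfully from a stuffing source."""
    out = set()
    for s in summarize(log_text).values():
        if label(s) == "credential_stuffing":
            out |= s.succeeded_users
    return out


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(f"{ip:14} attempts={s.attempts:2} users={s.distinct_users:2} "
              f"ok={s.successes} -> {label(s)}")
    print("force reset:", sorted(compromised_accounts(SAMPLE_LOG)))
```

The caveat a practitioner will spot immediately: per-IP counting is exactly what a botnet defeats. When the attempts are spread across thousands of router IPs, each making one or two tries, no single source reaches the threshold, so in production the same per-user spread test should also be run over a time window across all sources (one failed attempt each for hundreds of distinct usernames in a minute is the tell), and the successes should still be cross-checked against the users' usual IPs and devices.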
Botnets are also used to send spam, which remains one of the most lucrative and efficient cybercrime campaigns. Researchers reported last year that the BCMUPnP_Hunter malware had infected more than 100,000 routers running outdated firmware, and the hacker behind it used those routers' IP addresses to build a spam-sending army that evades spam blacklists.
Spam may seem like a nuisance, but it is actually one of the most useful things a botnet can do for its owner, and it serves a greater purpose than disruption: cybercriminals use spam to spread the malware that expands the botnet, and to infect computers with malware that steals data.