If you use a Linksys router, then you may be vulnerable to “TheMoon,” a bit of router malware. Here’s what you need to know to stay safe!
1. Malware Affects Linksys E1000 and E1200 Routers
Using an older model Linksys router? Watch out for "The Moon" worm: http://t.co/1lDgRjOJ3t (via @securitywatch)
— PCMag (@PCMag) February 18, 2014
PC World reports that “TheMoon” malware affects Linksys E1000 and E1200 routers. The article adds that “the following routers may be vulnerable depending on firmware version: E4200b… E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900.”
Computerworld also published a list of affected routers, which includes the E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900, E300, WAG320N, WAP300N, WAP610N, WES610N, WET610N, WRT610N, WRT600N, WRT400N, WRT320N, WRT160N and WRT150N.
2. Belkin Routers Are Also Endangered
According to Computerworld, some Wireless-N routers from Belkin are also affected. The exact model numbers have yet to be published. Linksys owns Belkin.
Computerworld published a statement from Belkin, which reads as follows:
“Linksys is aware of the malware called ‘The Moon’ that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers…the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default.”
3. ‘TheMoon’ May Want Your Data
Your anti-virus will probably detect the Moon worm. But that won't help much, as Moon targets your router http://t.co/njeCKYDYq2
— Virus Bulletin (@virusbtn) February 18, 2014
Ars Technica explains that the purpose of this type of router malware may be to access private data. They note:
“The discovery comes a week after researchers in Poland reported an ongoing attack used to steal online banking credentials, in part by modifying home routers’ DNS settings. In turn, the phony domain name resolvers listed in the router settings redirected victims’ computers, tablets, and smartphones to fraudulent websites masquerading as an authentic bank service; the sites would then steal the victims’ login credentials.”
4. A Firmware Fix Is Coming
We're aware of "The Moon" malware, which is affecting select older Linksys E-Series/N-Series routers. For info, visit http://t.co/UIHuocrYGL
— Linksys (@Linksys) February 17, 2014
Help Net Security writes that a firmware fix for “TheMoon” is coming. Until users have the firmware fix, Linksys advises them to disable Remote Administration on their device. The firmware fix may not arrive for a few weeks.
PC Mag adds that:
“If you do need remote administration, restrict access to the administrative interface by IP address so that the worm can’t access the router. You can also enable Filter Anonymous Internet Requests under the Administration-Security tab. Since the worm spreads via port 80 and 8080, changing the port for the administrator interface will also make it harder for the worm to find the router…”
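One way to confirm the advice above has taken effect, as an added example that is not from PC Mag or Linksys: a small Python check of whether your own router still answers on the two ports the quote names. It assumes you run it from a machine outside your home network and pass your router's public address; the function names and the optional extra port argument are illustrative.

```python
import socket
import sys

# Ports the PC Mag quote names as the ones the worm spreads through.
WORM_PORTS = (80, 8080)


def probe(host, port, timeout=3.0):
    """Classify one TCP port: 'open', 'closed' (refused) or 'filtered' (no usable answer)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"      # the host answered, nothing is listening
    except OSError:
        return "filtered"    # timeout or network error: dropped or unreachable
    finally:
        sock.close()


def audit_remote_admin(host, ports=WORM_PORTS, timeout=3.0):
    """Return {port: state} for every port checked on the router's WAN address."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed_ports(results):
    """Ports that accepted a connection, i.e. an interface is reachable from outside."""
    return sorted(port for port, state in results.items() if state == "open")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_admin.py <router-public-address> [extra-admin-port]")
    ports = WORM_PORTS + tuple(int(p) for p in sys.argv[2:])  # e.g. a moved admin port
    results = audit_remote_admin(sys.argv[1], ports)
    for port, state in sorted(results.items()):
        print(f"{port}/tcp: {state}")
    if exposed_ports(results):
        print("Reachable from outside: disable Remote Management or restrict it by IP.")
        sys.exit(1)
    print("No admin interface answered on the checked ports.")
```

A "filtered" result on both ports is what a router with Remote Management disabled typically shows from outside; "open" means something is still answering there and the settings need another look.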
5. Try Turning It Off and On Again
Digital Trends reports that consumers who are concerned about “TheMoon” should also update their Linksys router’s firmware to the latest version, and then reboot by unplugging and plugging the power cable.
Linksys has a knowledge base article that outlines the process of upgrading the Linksys router’s firmware.