Linksys ‘TheMoon’ Router Malware: 5 Fast Facts You Need to Know

linksys router moon worm, linksys router problems, router malware, router malware removal, moon worm router, themoon malware,


If you use a Linksys router, then you may be vulnerable to “TheMoon,” a bit of router malware. Here’s what you need to know to stay safe!

1. Malware Affects Linksys E1000 and E1200 Routers

PC World reports that “TheMoon” malware affects Linksys E1000 and E1200 routers. The article adds that “the following routers may be vulnerable depending on firmware version: E4200b… E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900.”

Computerworld also published a list of affected routers, which include the E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900, E300, WAG320N, WAP300N, WAP610N, WES610N, WET610N, WRT610N, WRT600N, WRT400N, WRT320N, WRT160N and WRT150N.

2. Belkin Routers Are Also Endangered

According to Computerworld, some Wireless-N routers from Belkin are also affected. The exact model numbers have yet to be published. Linksys owns Belkin.

Computerworld published a statement from Belkin, which reads as follows:

“Linksys is aware of the malware called ‘The Moon’ that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers…the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default.”

Share it.

Share Tweet Email

3. ‘TheMoon’ May Want Your Data

Ars Technica explains that the purpose of this type of router malware may be to access private data. They note:

“The discovery comes a week after researchers in Poland reported an ongoing attack used to steal online banking credentials, in part by modifying home routers’ DNS settings. In turn, the phony domain name resolvers listed in the router settings redirected victims’ computers, tablets, and smartphones to fraudulent websites masquerading as an authentic bank service; the sites would then steal the victims’ login credentials.”

4. A Firmware Fix Is Coming

Help Net Security writes that a firmware fix for “TheMoon” is coming. Until users have the firmware fix, Linksys advises them to disable Remote Administration on their device. The firmware fix may not arrive for a few weeks.

PC Mag adds that:

“If you do need remote administration, restrict access to the administrative interface by IP address so that the worm can’t access the router. You can also enable Filter Anonymous Internet Requests under the Administration-Security tab. Since the worm spreads via port 80 and 8080, changing the port for the administrator interface will also make it harder for the worm to find the router…”

5. Try Turning It Off and On Again

Digital Trends reports that consumers who are concerned about “TheMoon” should also update their Linksys router’s firmware to the latest version, and then reboot by unplugging and plugging the power cable.

Linksys has a knowledge base article that you can access right here which outlines the process of upgrading the Linksys router’s firmware.

Comment Here
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x