
TaylorWorks Blog

What is a Router Botnet? Find Out Today!


Ordinarily, one of the best ways to protect your organization’s infrastructure is to apply patches for the software you use as soon as possible after they’ve been released. However, patches don’t help against threats that haven’t been discovered at the moment the patches are released. The recent spread of the BCMUPnP_Hunter botnet shows that it’s not enough for people to keep patching their systems.

Threat Background
This botnet was initially discovered in September. Since then, it has infected devices to support a huge spam email campaign. BCMUPnP_Hunter is able to zero in on victims thanks to its ability to scan for potential targets, like routers with the Broadcom Universal Plug and Play (UPnP) feature enabled. The system can then be taken over by the hacker.

It is assumed that the network created by BCMUPnP_Hunter was built to send out spam emails. The threat creates a proxy that communicates with email servers, allowing attackers to use botnets to generate profit through fraudulent clicks. What’s more, the malware seems to have been created by someone who has a considerable amount of skill. To make things worse, BCMUPnP_Hunter also appears to scan from over 100,000 sources, making this botnet quite large.

How Does This Prove That Patches Aren’t Working?
In order for BCMUPnP_Hunter to work as intended, it must target devices that have Broadcom UPnP enabled to take advantage of a vulnerability. This vulnerability has been patched since 2013, when it was first discovered, meaning that most manufacturers have issued a patch since then. Therefore, the majority of devices being used by this threat are those that haven’t been patched for some reason or another.

The Lesson Learned
A simple lesson can be learned here: any equipment on your infrastructure that’s not maintained could be putting your business at risk. Maintaining it includes making sure that you implement patches and security updates as soon as they are released. Of course, they aren’t always broadcast to the public. After all, who would want to admit that the product they have created is vulnerable to attack, and that the vulnerability is being exploited? As a business owner, it’s your responsibility to keep up with the latest threats.

Granted, not all business owners have the time or luxury to focus on something like this. For those who want to minimize the threat posed by vulnerabilities, give the IT professionals at TaylorWorks a call at 407-478-6600.

Tuesday, March 26 2019