A botnet named “psyb0t” has made recent news for being “The First Linux Botnet.” Psyb0t is actually a worm that targets routers and DSL modems that run Linux, and might be the first of its kind. The worm “psyb0t” takes advantage of default and weak passwords on these embedded devices by using a dictionary attack. Then, after gaining access it installs itself and starts harvesting usernames and passwords from the user’s web traffic.
So it is not a vulnerability of Linux, or the software installed on the router, or DSL modem, but poor user or default passwords that provide the vulnerability. Many routers have their default password set to 1234, admin, or even blank. As you can see these are certainly not very secure passwords. To make a long story short, default passwords are insecure.
Whenever possible change default passwords and make sure everyone in your department has done so as well. Every device connected to your network, including the printer, can be compromised and used to access your network. This worm is a strong reminder that strong password standards not only apply to your computers but also embedded devices on your network.
If you are unfamiliar with the term “strong password”, a strong password at minimum contains: a capital letter, a lowercase letter, a number and a character or symbol. For more tips on strong passwords I recommend this article. Posters are available for those in IT that want to call attention to the importance of strong passwords. Just remember that default passwords are about as secure as an unlocked padlock.