'More than 45,000 Internet routers have been compromised by a newly
discovered campaign that's designed to open networks to attacks by
EternalBlue, the potent exploit that was developed by, and then stolen
from, the National Security Agency and leaked to the Internet at
large, researchers say. From a report:
The new attack exploits routers with vulnerable implementations of
Universal Plug and Play to force connected devices to open ports 139
and 445, content delivery network Akamai said in a blog post. As a
result, almost 2 million computers, phones, and other network devices
connected to the routers are reachable to the Internet on those ports.
While Internet scans don't reveal precisely what happens to the
connected devices once they're exposed, Akamai said the ports --which
are instrumental for the spread of EternalBlue and its Linux cousin
EternalRed -- provide a strong hint of the attackers' intentions.
The attacks are a new instance of a mass exploit the same researchers
documented in April. They called it UPnProxy because it exploits
Universal Plug and Play -- often abbreviated as UPnP -- to turn
vulnerable routers into proxies that disguise the origins of spam,
DDoSes, and botnets.'
-- source: https://tech.slashdot.org/story/18/11/29/1849254
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174