When the Sony PlayStation and Microsoft Xbox Live gaming networks went down over Christmas and were kept offline for several days afterwards, the hacker collective that calls itself LizardSquad took responsibility for the DDoS attack.
By the group's own account, it was a demonstration of what they can do and, effectively, good advertising for their for-hire LizardStresser DoS service. The attack couldn't and didn't pass unnoticed by US law enforcement, which, along with security researchers and ISPs, is trying to find ways to minimize the danger to potential targets.
According to Brian Krebs and several researchers who are collaborating with law enforcement in this investigation, the LizardStresser service is powered by a botnet consisting mostly of hacked and zombified Internet routers.
“The botnet is not made entirely of home routers; some of the infected hosts appear to be commercial routers at universities and companies, and there are undoubtedly other devices involved,” explained Krebs.
“The preponderance of routers represented in the botnet probably has to do with the way that the botnet spreads and scans for new potential hosts. But there is no reason the malware couldn’t spread to a wide range of devices powered by the Linux operating system, including desktop servers and Internet-connected cameras.”
The malware (a Linux backdoor) used by the hackers to infect these devices is a variant of one documented late last year by researchers at the Russian AV outfit Dr. Web. Apart from turning compromised devices into attack zombies, it also scans the Internet for other routers that can be compromised by logging in with default credentials.
Law enforcement officers and ISPs are currently concentrating on undermining the botnet's strength by getting infected systems taken offline. In the meantime, the malware continues to spread, and there is seemingly no shortage of routers protected only by default usernames and passwords.
Hacking routers is becoming an increasingly common way to swell the size and effectiveness of botnets. Krebs offers good advice on how to prevent your router from becoming a zombie in this botnet, as well as steps to take to harden the device's security defenses in general.