Cert-In issues ‘virus alert’ for some Wi-Fi routers from Huawei, Netgear, D-Link and others
If you are using an old Wi-Fi router at your home to stay connected to the internet then it may be time to update its firmware or get a new one. The Indian Computer Emergency Response Team (CERT-In) has issued an advisory regarding a new malware named Mozi is affecting IoT devices globally.
If you are using an old Wi-Fi router at your home to stay connected to the internet then it may be time to update its firmware or get a new one. The Indian Computer Emergency Response Team (CERT-In) has issued an advisory regarding a new malware named Mozi is affecting IoT devices globally. Some routers from brands like Netgear, Huawei, D-Link and others are affected.
The Mozi malware mainly targets home routers and DVRs which are either unpatched, loosely configured or have weak/default telnet credentials. “It consists of source code from Gafgyt, Mirai, and IoT Reaper; malware families which are targeting IoT devices. Mozi could compromise embedded Linux devices with an exposed telnet. The infected devices form a peer-to-peer (P2P) botnet and use a distributed hash table (DHT) to communicate with other infected host systems,” said CERT-In in its advisory.
Affected devices include Eir D1000 Router, Vacron NVR devices, devices using the Realtek SDK, Netgear R7000 and R6400, DGN1000 Netgear routers, MVPower DVR, Huawei Router HG532, D-Link devices, GPON routers and others.
CERT-In is advising users to update their devices with patches as and when released by respective OEM of devices. If devices are found infected, it is recommended to reset device firmware or restore it from trusted backup. “Monitor or block UDP traffic from the device to Bit Torrent DHT bootstrap nodes. Block outgoing TCP traffic with destination ports 22, 23, 2323, 80, 81, 5555, 7574, 8080, 8443, 37215, 49152, and 52869, if not in use,” it suggested.