The spread of insecure broadband DSL and Cable modems is what CircleID refers to as an extremely wide-spread problem. Czech researchers recently revealed details about the Chuck Norris botnet which spreads by taking advantage of poorly configured routers and modems.
“Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news.
“When I raised this issue before in 2007 on the NANOG mailing list, some other vetted mailing lists and on CircleID here and here, the consensus was that the vendors will not change their position on default settings unless ‘something happens’, I guess this is it, but I am not optimistic on seeing activity from vendors on this now, either.”
