Windows 7 Forums


Windows 7: Hackers opening SMB ports on routers to infect PCs with NSA malware

2 Weeks Ago   #1
Brink

64-bit Windows 10 Pro
 
 
Hackers opening SMB ports on routers to infect PCs with NSA malware

Quote:
Akamai has detected an ingenious malware campaign that alters configurations on home and small office routers to open connections toward internal networks so crooks can infect previously isolated computers.

The way hackers achieve this, Akamai said, is via a technique known as UPnProxy, which the company first detailed in April this year.

The technique relies on exploiting vulnerabilities in the UPnP services installed on some routers to alter the device's NAT (Network Address Translation) tables.

NAT tables are a set of rules that control how IPs and ports from the router's internal network are mapped onto a superior network segment, usually the Internet.

In April, hackers were using this technique to convert routers into proxies for regular web traffic, but in a report published today, Akamai says it's seen a new variation of UPnProxy where some clever hackers are leveraging UPnP services to insert special rules into routers' NAT tables.

These rules still work as (proxy) redirections, but instead of relaying web traffic at the hacker's behest, they allow an external hacker to connect to the SMB ports (139, 445) of devices and computers located behind the router, on the internal network.

OVER 45,000 ROUTERS ALREADY INFECTED

Akamai experts say that from the 277,000 routers with vulnerable UPnP services exposed online, 45,113 have already been modified in this recent campaign.

Researchers say that one particular hacker, or hacker group, has spent weeks creating a custom NAT entry named 'galleta silenciosa' ('silent cookie/cracker' in Spanish) on these 45,000 routers.


Read more: Hackers are opening SMB ports on routers so they can infect PCs with NSA malware | ZDNet

See also: UPnProxy: EternalSilence - Akamai Security Intelligence and Threat Research Blog


2 Weeks Ago   #2
F22 Simpilot

Windows 7 Ultimate x64
 
 

I have seen my fair share of hacked residential routers try to access my site trying to do nefarious activities myself. And I bet a lot of these people wonder why their bandwidth and Internet speed aren't up to par and blame the ISP. Perhaps the ISP themselves should step it up a notch and make sure people's connections aren't hacked using some form of cloud analysis or something. I use Amazon AWS and use GuardDuty which could be similar to what an ISP could use.

People need to learn to secure their routers. Never use the default username and password, turn off UPnP and don't use port forwarding unless you absolutely need to. Then people need to stay abreast of any router firmware updates.
2 Weeks Ago   #3
townsbg

Windows 7 pro 64-bit sp 1
 
 

Why are they calling this NSA malware? Because it spies on people? Thankfully UPnP is turned off by default on my modem and I never had a reason to turn it on.

1 Week Ago   #4
Iain

Windows 7 Professional x64
 
 

Quote: Originally Posted by townsbg
Why are they calling this NSA malware? Because it spies on people? Thankfully UPnP is turned off by default on my modem and I never had a reason to turn it on.
Indeed, as it is in mine.

UPnP is well known for its vulnerabilities.
1 Week Ago   #5
F22 Simpilot

Windows 7 Ultimate x64
 
 

Universal Plug & Prey. I read that many years ago circa '08 at GRC's website.