Due to this worm an infected router’s HTTP server is opened only for a short period of time and for each target a new server with different port is opened. Johannes Ullrich of the Internet Storm Centre who is studying this particular worm, says that “This may be a ‘bot’ if there is a functional command and control channel present”. Many routers have come under scrutiny from security researchers in the past year, after a series of demonstrations showed ways to break into the devices. Many routers of popular Router brands like Linksys and Netgrear are found to be particularly vulnerable to a “backdoor”, or a gap in layman terms, which allows the would be hacker/attacker to access routers admin panel. The attacker can then set and reset the router switching based on his/her preference to create a create an wireless access point. Once the WAP is created, the hacker/attacker has unhindered access but the only requirement for this backdoor to work is that this backdoor requires that the attacker to be on the same local network. This backdoor was discovered by French researcher Eloi Vanderbeken who claimed that he found this backdoor by accident, while he was checking his family’s home router, noticing that the router was ‘listening’ for commands via a TCP port. Vanderbeken was able to use this to gain administrator privileges and reset the password. Last year various D-Link routers were vulnerable to serious backdoor breaches which cut down the sales of various D-Link routers.
