No, the actor Chuck Norris is not delivering a deadly kung-fu kick or karate chop to networking hardware. This is a new botnet that attacks cable modems, DSL modems, and WiFi routers running the Linux operating system. It has been dubbed the "Chuck Norris" botnet (often loosely called a virus) because the source code comments contain an Italian-language tribute to Chuck Norris.
Why attack network edge devices and routers? First, because each of these devices has a small but significant amount of processing power and an always-on Internet connection. Combined into a botnet of thousands of devices, they can mount a denial-of-service attack against a third-party web site or server. A compromised router can also be used to reroute users on the attached network (for example, by changing the router's DNS settings) to web sites where further exploits are automatically downloaded to the systems behind it.
Second, because it is super easy. The Chuck Norris botnet takes advantage of the all too common fact that these devices sit out on the Internet with their manufacturer's preset administrative user ID and password still unchanged. For example, the default password on many Linksys devices is "admin"; similarly, many D-Link devices ship with user ID "admin" and password "password". There are websites that list the factory-default user IDs and passwords for practically every networking device ever manufactured. Most home users setting up a wireless network neglect to change the administrative credentials or to turn off the router's remote administration feature, so logging in to the router and installing the bot is an extremely trivial thing to accomplish. Unfortunately, the remote access credentials for many ISP-provided devices are just as well known and just as easily abused.
Fortunately, this is an easy one to fix. The Chuck Norris code resides only in the random access memory (RAM) of the affected router, so a simple reboot, by unplugging and restarting the modem or router, removes the code and gives you back a clean system. The catch is that a rebooted device with the same default credentials and remote administration still enabled will simply be found and reinfected again, often within minutes. To prevent that, log in to the browser-based administrative screens, change the administrative user ID and password to something much harder to guess, and turn off remote (Internet-side) administration unless you actually need it. While you are there, confirm that the DNS server addresses in the router's configuration are the ones you or your ISP set, since the botnet reroutes users by changing them.
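The default-credential check that makes this botnet so easy, and the verification that a changed password actually closes the hole, as an added example that is not part of the original post. The "router" here is a constructed in-process HTTP server that imitates an admin page protected by HTTP Basic authentication; the credential list is a small constructed sample of well-known factory defaults (the Linksys and D-Link pairs mentioned above plus a few common ones), not a complete list.

```python
"""Audit a router's web admin page for factory-default credentials.

Constructed example: the target is a tiny in-process HTTP server that
imitates a router admin page protected by HTTP Basic authentication.
Point check_default_credentials() at a real device's admin port to
audit your own equipment the same way the botnet does.
"""
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample of well-known factory defaults (user, password).
DEFAULT_CREDENTIALS = [
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", ""),
    ("root", "root"),
    ("user", "user"),
]


def basic_auth_header(user, password):
    """Build the HTTP Basic 'Authorization' header value for a credential pair."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def check_default_credentials(host, port, credentials=DEFAULT_CREDENTIALS,
                              path="/", timeout=3.0):
    """Return the first (user, password) pair the admin page accepts, or None.

    Only an HTTP 200 counts as a successful login; any HTTP error status
    (401, 403, ...) is treated as a rejected attempt. Connection failures
    propagate so a dead host is not mistaken for a secured one.
    """
    for user, password in credentials:
        req = urllib.request.Request(
            f"http://{host}:{port}{path}",
            headers={"Authorization": basic_auth_header(user, password)})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                if resp.status == 200:
                    return (user, password)
        except urllib.error.HTTPError:
            continue  # rejected; try the next factory default
    return None


class FakeRouterAdmin(BaseHTTPRequestHandler):
    """Imitates a router admin page: HTTP Basic auth with one valid credential."""
    valid_user = "admin"
    valid_password = "admin"

    def do_GET(self):
        expected = basic_auth_header(self.valid_user, self.valid_password)
        if self.headers.get("Authorization") == expected:
            body = b"<html><title>Router Setup</title></html>"
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="Router"')
            self.send_header("Content-Length", "0")
            self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo output quiet


def start_fake_router(user, password):
    """Start the fake admin page on a free loopback port; return (server, port)."""
    handler = type("Handler", (FakeRouterAdmin,),
                   {"valid_user": user, "valid_password": password})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def audit_router(user, password):
    """Spin up a fake router configured with the given admin credentials and audit it."""
    server, port = start_fake_router(user, password)
    try:
        return check_default_credentials("127.0.0.1", port)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("factory default :", audit_router("admin", "admin"))
    print("changed password:", audit_router("admin", "9f!Qz2-kL7#pW"))
```

The first call reports the still-default pair; the second returns None, showing that the password change alone closes this particular door even before remote administration is disabled. Against a real device, run the audit from outside your network as well, since a router that rejects defaults on the LAN side may still expose the same admin page on its WAN interface.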
For my own clients' security, we will be improving the password complexity of these devices that sit on their networks.