Chuck Norris Attacks WiFi Routers and Cable/DSL Modems

No – the actor Chuck Norris is not giving a deadly kung-fu kick or karate chop to networking hardware devices  This is a new botnet attack against cable modems, DSL modems, and WiFi routers that use the Linux operating system.  This has been dubbed the “Chuck Norris” virus because the Italian author of this exploit wrote a tribute to Chuck Norris in the source code comments.

Why attack network edge devices and routers?  First, because these devices have a small but significant amount of processing power that can be combined into a botnet containing thousand of these devices, and used to mount a denial of service attack against a third party web site or server, or can be used to reroute computer users on attached networks to web sites where more exploits can be automatically downloaded to the systems behind the compromised router.

Secondly, because it is super easy.  The Chuck Norris exploit takes advantage of the all too common fact that these devices sit out on the Internet with their manufacturer preset administrative user ID and password still unchanged.  For example, the default password for Linksys devices is “admin".  Similarly, for D-Link devices it is user ID “admin” and password “password.”   There are websites on the Internet that list the “default” or preset user IDs and passwords for every networking device ever manufactured.  Most home users setting up a wireless network will neglect to change the administrative credentials or turn off the remote administration abilities of the router.  So this makes accessing the router for this exploit and extremely trivial thing to accomplish.  Unfortunately, the remote access credentials for many ISP provided devices are as well-known and just as easily hacked.

Fortunately, this is an easy one to fix.  The Chuck Norris code resides in the random access memory (RAM) of the affected router, so a simple reboot by unplugging and restarting the modem or router will remove the code, and give you back a clean system.  To prevent future problems or infection, accessing the browser based administrative screens and changing the administrative user ID and password to something more difficult to crack should solve that issue.

A couple of great articles on IT World and Computerworld look at this issue in more detail.

For my own clients security we will be improving the password complexity of these devices that sit on their networks.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.