This nasty virus attacks MIPS-based routers and their embedded Linux OS. As most users do not bother to go in and check for things like remote management, UPnP [Universal Plug and Play] or SSH [Secure Shell] access after the initial setup, it's not surprising to see this new vector of attack on a previously untapped security hole. At the time of writing, the psyb0t code base cannot affect x86-based systems; it only affects MIPS running in little-endian mode, which is unfortunately around 90% of the current consumer DSL modem and home router market. More details at Bright Side of News.
The attack was discovered by DroneBL. It seems to have multiple functions, from deep packet inspection [looking for usernames and passwords] and searching for exploitable MySQL and MSSQL systems to establishing a botnet for DDoS attacks. In fact, DroneBL has been subjected to a flood of HTTP requests as part of a DDoS attack. It was this attack that allowed them to identify the source and find this new virus.
Psyb0t virus attacks some routers
Posted on Friday, March 27 2009 @ 5:17 CET by Thomas De Maesschalck
Security researchers warn of a new virus that attacks MIPS-based routers and their embedded Linux operating system, inserting code through the use of a brute force attack.