MrBlack Malware

Up to 80 percent of the top-selling home routers on the market are vulnerable to attacks, according to an April 2015 article on Techworld. Because of the lack of basic security practices on the part of Internet service providers (ISPs), there are a number of hacker-controlled routers used to launch distributed denial-of-service (DDoS) attacks. Computer repair experts point out that the Linux Spike Trojan malware nicknamed “MrBlack,” which security firm Incapsula discovered in December 2014, is one of the more prevalent, spanning 109 countries and over 40,000 routers in small offices and home offices.

MrBlack’s Misdeeds

MrBlack is malware that infects routers and spreads to other devices. Sometimes, infected routers search for open secure shell (SSH) ports and access them using the device’s default credentials. In other words, the malware infects routers that still have default security credentials so they can access the device remotely. After infecting a router, MrBlack and its variants perform tasks like cookie hijacking, man-in-the-middle (MITM) attacks, eavesdropping on communications, and accessing local network devices.

MrBlack Malware

Incapsula found that the hardest hit routers are those made by Ubiquiti, which the company leases on a monthly basis. While most of the command and control centers that launched attacks are in Asia, where Ubiquiti hardware is largely available, 21.7 percent are in the U.S. In regards to computer repair, Portland experts warn that anyone with lenient router credentials may be at risk for a similar type of attack.

How to Protect Routers at Home and Your Business

  • Change the router’s default login and password settings.
  • Disable remote management over the Internet. If you need remote management capabilities, change the password often.
  • Log out of the router’s website after making changes to your account.
  • Turn off Universal Plug and Play (UPnP) support.
  • Turn on Wi-Fi Protected Access (WPA) encryption and turn off the Wi-Fi Protected Setup (WPS) to connect new devices.
  • Avoid using default IP ranges such as 10.0.0.1, 192.168.0.1, 192.168.1.1 and 192.168.2.1. Instead, use 9.8.7 or something similar to prevent Cross-Sit Request (CSRF) attacks.
  • Install the latest router firmware, if available.

Laptop computer repair specialists have dealt with more home and office router attacks within the last few years. One of the simplest ways to thwart an attack is to change the defaults that come with the device. If you suspect a problem with your router or think you may have a computer virus, call Happy Hamster right away. We’ll also gladly help you change your router credentials and setting so they’re more secure.