
(Ars Technica)   ZuoRAT is in your routers eating your cheese   (arstechnica.com)
    More: Scary, Network address translation, Infection, Transmission and infection of H5N1, wide range of routers, Linux, Virtual private server, Lumen Technologies' Black Lotus Labs, IP address  

1183 clicks; posted to STEM on 30 Jun 2022 at 4:14 AM



 
2022-06-30 7:23:17 AM  
Another threat that requires physical access to the local network.

Stop opening attachments people!
 
2022-06-30 8:48:03 AM  
fortunately, i'm behind seven proxies.
 
2022-06-30 8:56:34 AM  

LesserEvil: Another threat that requires physical access to the local network.

Stop opening attachments people!


Or a misconfigured router with old software.

On early AsusWRT versions if you disabled admin access via the WAN but had turned off the firewall the router UI was still accessible via the WAN, as the admin access control was implemented by the firewall.  So a number of people thought they were safe when in fact wide open.

And yeah - unless you know who is sending that attachment to you and why that particular file is showing up right now... don't farking open them.  So pdf from loan processor who is working on your loan app... that's ok.  Rando email address proposing you get rich, or claiming you "have to see this!"... just delete it.
 
2022-06-30 9:13:54 AM  

LesserEvil: Another threat that requires physical access to the local network.

Stop opening attachments people!


I prefer to call them email-based loot crates.
 
2022-06-30 10:19:31 AM  

MadHatter500: LesserEvil: Another threat that requires physical access to the local network.

Stop opening attachments people!

Or a misconfigured router with old software.

On early AsusWRT versions if you disabled admin access via the WAN but had turned off the firewall the router UI was still accessible via the WAN, as the admin access control was implemented by the firewall.  So a number of people thought they were safe when in fact wide open.

And yeah - unless you know who is sending that attachment to you and why that particular file is showing up right now... don't farking open them.  So pdf from loan processor who is working on your loan app... that's ok.  Rando email address proposing you get rich, or claiming you "have to see this!"... just delete it.


Asus router configured properly for your network. Disable everything not needed.

Asuswrt merlin firmware

Reboot every week

Thank you
 
2022-06-30 10:21:32 AM  

MadHatter500: LesserEvil: Another threat that requires physical access to the local network.

Stop opening attachments people!

Or a misconfigured router with old software.

On early AsusWRT versions if you disabled admin access via the WAN but had turned off the firewall the router UI was still accessible via the WAN, as the admin access control was implemented by the firewall.  So a number of people thought they were safe when in fact wide open.

And yeah - unless you know who is sending that attachment to you and why that particular file is showing up right now... don't farking open them.  So pdf from loan processor who is working on your loan app... that's ok.  Rando email address proposing you get rich, or claiming you "have to see this!"... just delete it.


LeasingEvil seems to have missed this sentence in TFA: "ZuoRAT often gets installed by exploiting unpatched vulnerabilities in SOHO devices."

What makes me cock an eyebrow is the MIPS-only target.  Past malrouter packages I've seen in the wild were more woke and inclusive, with binaries for MIPS, Arm, PPC and x86.  Makes me wonder if they're lazy or, like ye old Stuxnette, targeting a particular userbase.
 