8,000+ Asus routers popped in 'advanced' mystery botnet plot

Thousands of Asus routers are currently ensnared by a new botnet that is trying to disable Trend Micro security features before exploiting vulnerabilities for backdoor access. Threat monitoring company GreyNoise discovered the botnet, which it dubbed AyySSHush, back in March and pointed interested onlookers to a Censys search …

  1. DS999 Silver badge

    This is why

    You shouldn't expose any ports on your router to the WAN unless you know what you're doing, and if you know what you're doing then you'll only expose ports on your router to the WAN if you are running something like DD-WRT or OpenWRT. And even then you need to be vigilant because you never know when an exploit might be discovered, and there's always the possibility the bad guys knew about it and were already using it before the good guys did.

    Not sure why the article mentions that firmware upgrades won't block the hole. That's true of almost all attacks, whether against a router or a PC. If it is persistent enough to survive a reboot then it will also survive updates unless the update specifically targets closing the hole or just happens to luckily overwrite something it depends on. I mean, if you configured your PC to run an SSH server on some port and configured a user/password for it, you'd expect that configuration to persist after you've run Windows Update!

    This is especially bad due to the age of the routers involved. ASUS isn't going to release any patches for this.

    1. JessicaRabbit

      Re: This is why

      > GreyNoise said that Asus patched CVE-2023-39780 and the CVE-less auth bypass bugs in a recent firmware update, and provided indicators of compromise in its writeup for those who want to check if they were popped.

      Seems they did actually release a fix which is good but all your other points stand.

      1. DS999 Silver badge

        Re: This is why

        ALL of them, even the Wifi 5 ones that are 10 years old? If so I'm not just surprised but shocked.

        1. Anonymous Coward

          Re: This is why

          Bought an Asus rt87u (2014) in 2017. Still widely sold in retail then and it was not the cheapest one. No updates since 2021 when it went EOL. Not going to dump hardware if it still works. Regulations should force companies to maintain patches for 10 years after EOL or force them to replace the product with an equivalent product. That would be 2031. Now it's 2025.

  2. _olli

    poke 53282

    The choice of TCP port 53282 sounds as if someone has been changing screen colours on a Commodore 64 earlier in his life.
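    The first comment's advice (don't expose router ports to the WAN) and this one's reference to TCP port 53282 both come down to the same defensive check: confirm which TCP ports a router actually accepts connections on. The script below is an added example, not code from the thread or from GreyNoise. It does a plain TCP connect() against a host for a small watch list and reports which ports answer; port 53282 comes from this thread, while the other ports in the list are an assumption about what a home router commonly exposes. Run it from outside your network (or against the router's WAN address from a host that can reach it) to verify that nothing unexpected is listening; run it with no arguments and it self-checks against a loopback listener so it works offline.

```python
"""Report which TCP ports on a host accept connections (added example, not from the thread)."""
import socket
import sys
from contextlib import closing

# Watch list (assumption): common router admin/remote-access ports plus the
# port 53282 mentioned in the comment thread.
WATCH_PORTS = (22, 23, 80, 443, 8443, 53282)


def tcp_port_open(host, port, timeout=1.0):
    """Return True if a TCP connect() to host:port succeeds within `timeout` seconds."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except (socket.timeout, ConnectionRefusedError, OSError):
            # Refused, filtered (timeout) or unreachable all count as "not open" here.
            return False


def audit_ports(host, ports=WATCH_PORTS, timeout=1.0):
    """Return the list of ports from `ports` that accept a TCP connection on `host`."""
    return [p for p in ports if tcp_port_open(host, p, timeout)]


def demo_local_listener():
    """Offline self-check: open one listener on loopback and verify that audit_ports
    reports it while a second, deliberately closed port is not reported.
    Returns a dict with the open port, the closed port, and what audit_ports found."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as srv:
        srv.bind(("127.0.0.1", 0))   # let the OS pick a free port (constructed test listener)
        srv.listen(1)
        open_port = srv.getsockname()[1]
        # Grab and immediately release a second ephemeral port so we have one known to be closed.
        with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as tmp:
            tmp.bind(("127.0.0.1", 0))
            closed_port = tmp.getsockname()[1]
        found = audit_ports("127.0.0.1", (open_port, closed_port), timeout=0.5)
        return {"open_port": open_port, "closed_port": closed_port, "found": found}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python audit_ports.py <router-ip>
        print("open ports on", sys.argv[1], ":", audit_ports(sys.argv[1]))
    else:
        print(demo_local_listener())
```

    A connect() scan only tells you a port answers, not what is behind it; if an unexpected port such as 53282 does answer on a router's WAN side, the next step is the indicators of compromise in the GreyNoise writeup mentioned further down the thread, not guessing at the service.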

  3. Random person

    Learning lessons from the past

    From an article on this august site in 2016.

    > Feds spank Asus with 20-year audit probe for router security blunder

    >

    > Asus has settled its case with the US Federal Trade Commission (FTC) after hackers pwned nearly 13,000 home routers via an unpatched security flaw.

    > ...

    > To settle the case, Asus now has to hire independent security testers to run a full audit of its router's firmware, and call them back in every two years for the next two decades to audit what the company is doing with its firmware.

    https://www.theregister.com/2016/02/23/asus_router_flaws_settlement/

  4. FirstTangoInParis Silver badge

    Voice over broadband

    Where Openreach are busy migrating copper POTS services to voice over broadband, subscribers are forced to take the ISP's solution if they still want a landline (kids, ask your grandparents what they are) because that's the only supported solution and the technical solution details haven't been published.

    So while ASUS are getting their knuckles rapped here, other OEMs need to take note and issue code updates.

    1. Richard 12 Silver badge

      Re: Voice over broadband

      Yes, the ONT modem in FTTP is an obvious point to attack.

      A consumer cannot upgrade it at all, we're completely reliant on the ISP or OpenReach keeping it up to date or replacing it.

    2. Anonymous Coward

      Re: Voice over broadband

      My ISP has a policy of not giving the SIP password. I eventually ended up connecting their router's JTAG to a serial USB, dumping memory when the router boots, and then finally I could set up my own router without losing the landline.

    3. Anonymous Coward

      Re: Voice over broadband

      Yeah, harks back to the bad old days where it was actually illegal to connect things to your phone line and the GPO then BT would empty your bank account if you wanted a second phone in your house or, even worse, a second line.

      I guess it will get deregulated eventually, but right now those ONTs present a very attractive attack surface, and that's without getting all paranoid about government snoops.
