http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/ Engadget Comments for Viral "WiFi flu" router virus almost as fun as the real thing http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2009 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
Very accurate data they provide]]>Jan 3rd 2008 4:32PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 4th 2008 12:51PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:37PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
]]>Jan 3rd 2008 5:09PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
Instead of unplugging it, you should just set up MAC filtering for the wifi.]]>Jan 4th 2008 10:32AMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:38PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:40PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 5:04PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
Try this - On the router, use "256 bit WPA PSK" and enter your passphrase.

On the Wii, select "WPA-PSK (TKIP)" and enter the passphrase you used on your router.

That should do it!]]>Jan 3rd 2008 5:10PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 4th 2008 8:02AMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:40PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:46PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:55PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.extremetech.com/article2/0,1697,1152933,00.asp to "really" setup your wireless network. It may be somewhat outdated, but the same principles apply to all wireless networks and go for the strongest encription possible.]]>Jan 3rd 2008 5:09PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 6:39PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 6:46PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Uh, yeah but any WiFi sniffer will be able to find the MAC addresses of the adapters. That data doesn't get encrypted the way the payload does.]]>Jan 3rd 2008 7:52PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:44PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 5:32PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 5:09PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:43PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:45PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:56PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/1) WPA
2) and MAC Filtering
3) and 14+ Digit Alpha Numeric Password.
4) and changing default login settings. (Password & Account)
]]>Jan 3rd 2008 4:50PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Your password is basically useless even with WPA-PSK if the following two conditions are met:
- You didn't change your SSID to something unique (it's used to salt the keys used in the network)
- Your passphrase is less than 21 chars long.

You can basically download rainbow tables for all passphrases up to 20 chars and for about 1000 different default SSIDs.]]>Jan 4th 2008 6:12AMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
(NOT!)

]]>Jan 3rd 2008 6:55PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
It sounds like an attempt to scare people into turning on encryption so neighbors can't share their connection. The cable/phone companies would rather have everyone have their own secure router and pay them $40/month each...]]>Jan 3rd 2008 4:57PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/It could change the DNS server given to an infected DNS server.
So instead of going to 171.159.65.173 when you type in Bankofamerica.com (example)
it goes to 66.98.152.244 even though your web pages shows "bankofamerica.com" and You used your shortcut that you've always used.
]]>Jan 3rd 2008 5:03PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
Connection encryption is not even the mechanism that is intended to stop this - the password is what is supposed to stop it.]]>Jan 3rd 2008 5:20PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 4:57PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 5:00PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 5:15PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 5:26PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 4th 2008 7:23AMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.howtoforge.com/perfect_linux_firewall_ipcop
http://www.howtoforge.com/perfect_linux_firewall_ipcop_p2
add to that the following:
http://www.zerina.de/zerina/
or
http://www.ban-solms.de/t/IPCop-copspot.html

Cheers.]]>Jan 3rd 2008 5:16PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
Password ]]>Jan 3rd 2008 6:45PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/

Password is a bad password, so would P@ssword.
}~eQZCI#t_H*:53m@QRQ*] Would be a pretty good password.]]>Jan 3rd 2008 6:47PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/I agree with your assesment of password strength as I use KeePass to generate strong and unique passwords for each piece of network equipment and every website that require them. However, the crack I am referring to is not based on a dictionary attack.
"...demonstrates how this wireless protection method can be cracked with only four packets of data. ... A second flaw exists in the method with which WPA initializes its encryption scheme. Consequently, it's actually easier to crack WPA than it is to crack WEP." see http://www.ciscopress.com/articles/article.asp?p=369221
]]>Jan 3rd 2008 10:14PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 4th 2008 3:19AMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2007/10/24/elcomsoft-turns-your-pc-into-a-password-cracking-supercomputer/

The point I am trying to make is that WPA uses a pre-shared key. The entire key has to be transmitted for the authentication sequence. Even if it is encrypted, it is prone to cracking. Implementing a VPN solution is the best way in a Small Office or Home Office to ensure a secure connection without having to setup a RADIUS server.

If people do not want to setup a VPN, your suggestion of a non-dictionary sequence is a good one. However, with the price of computing power via cpu or gpu dropping so fast, cracking even the most complex password takes only a matter of days. Changing the key to your WPA every few days will eliminate that threat, but who wants to take time do that every few days?]]>Jan 4th 2008 9:45AMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 6:19PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
And how could it possibly be able to work across multiple brands and operating systems of routers?

This is patently absurd.]]>Jan 3rd 2008 7:57PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 10:13PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 3rd 2008 11:10PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/Jan 4th 2008 1:13PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
This is no different than a bunch of tin foiled idiots saying it's possible that sometime this year an evil force will rain down herpes on all of us unless we submit to the new god McButtNutt.

The only possible good this article did is to get the ignorant (I mean that nicely, not derogatorily) to be motivated to become educated.

This is so ludicrous, I have decided to tear it apart in order of importance:

1) It requires actual access to the routers administration interface. This is, for the most part, HTTP and cannot be accomplished by telnet, etc. Sometimes that cannot happen over the WLAN at all. There are devices that ship that way by default. The WLAN is NOT to be confused with the WAN either. You may be able to access it over the internet, but not from a wireless AP client of the AP itself running on the router. I do know there are PLENTY of standalone AP's that allow administrative access from a wireless AP client. Many times I have accessed an AP from the other side of a wireless bridge and modified some of its settings. Standalone APs are RARE. They almost don't even sell them anymore in retail outlets. You have to special order them or get them on the internet. Considering how rarely they are used, and by who they are used, I would say standalone APs are generally configured by more sophisticated people that configure them better.

2) Assuming, that there was a device that allowed administrative access to it through the WLAN by default, it would still require the password. Sure there are plenty of unprotected routers on default settings. Not a problem. However, just how close are these unprotected nodes to each other? Do they really form a contiguous wireless chain? 36% being brute forced, is not the same as a default password. That percentage is even less according to that statistic. It would take a fair amount of time to brute force a wireless router. If it took you 48 hours to brute force a SINGLE node to use it to extend your reach and brute force other nodes, it would take a unreasonable amount of time to compromise 20,000 networks. I think they would have Wireless-Z 802.11ZZZZAE by that time. I have been at many clients, family, and friends houses and helped them with their routers and/or experienced what wireless APs were in service in RANGE. From my own experience, it is actually below 50% unprotected routers. Meaning, less than 50% of the locations had unprotected routers in the first place. Where I live right now, there are about 15 APs in range and NONE of them are unprotected. That would lead me to believe that a contiguous coverage "bubble" may not actually exist in the FIRST PLACE.

3) Assuming a wealth of customized attack firmwares available, it would still disrupt service. Statistically, SOMEONE is going to notice. They may not understand what is going on, but they very well could do the ol' power cycle trick. That would most likely brick the device and thereby solve the problem. New router, or RMA'd router with newer firmware that may have stronger security settings by default. Maybe not a strong point, but a valid observation. A single person would probably not connect the dots and conclude a conspiracy, but just something to consider. The need for a large amount of customized attack firmwares is very important though, more on that later.

4) Assuming that you did indeed compromise a network of 20,000 wireless routers forming one hugely connected contigious bubble of coverage in a city. What NOW? Internet Access? You already had that. They were unprotected. Run a whole P2P network using all of that bandwidth to receive or send more porn? How? You would need compromised machines on each one of those networks since the router itself cannot store any amount of data. Compromise the machines on those networks for some nefarious purpose? Great. A whole other futile project. You can get machines bot netted or otherwise controlled in different methods far easier than that. Maybe I am lacking in vision, but anything destructive would most likely prompt the creation of 20,000 wireless networks with a higher percentage being better secured. Diminished Returns to be sure, that 5th wave is going bear far less fruit.

Don't underestimate how hard it would be to program literally a couple hundred attack firmwares. It would be insanely difficult and require government sanctioned resources to create and maintain something like that. Maybe China could pull that off, but not this week or next month or next year. Hell, the manufacturers have the resources and their firmware can SUCK :)

Unless you could have enough firmwares to ensure a reasonable ability to chain from one router to the next, your little worm is going to stop dead in its tracks. The more firmwares, the higher success rate, and therefore greater coverage area of the infected routers which leads to the possibility of even more victims. Some people have posted that the worm would have to store all possible firmwares. That is not true. There are plenty of Malware delivery vehicles that rely on so called dark websites to host the payloads. This could operate just the same. An infected router could analyze a brute force router and select the appropriate firmware and attack protocols to download from a location on the internet.

Even STILL, who is actually going to create the attack code in the first place? Those morons even pointed out that it does not exist. A HUGE task to undertake. Why not take those very talented resources and work for Linksys, and the others to help them out with their even shittier firmwares they already have. Probably make more money. I know its possible to create something like this, but the immense and overwhelming nature of it makes it so improbable. There is a better chance I'll wake up with Ron Jeremy's penis tomorrow... and the chance to stick it where he has.

I guess we should be grateful though, many Bothans probably died to bring us THAT information]]>Jan 5th 2008 12:19PMhttp://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/http://www.engadget.com/2008/01/03/viral-wifi-flu-router-virus-almost-as-fun-as-the-real-thing/
Last time I checked, you could not make a backup of the existing firmware. Not every router allows you to make backups of the settings either.

This means that current settings could only be obtained by inspection through the web interface. If it had to brute force a password, then it stands to reason that other settings were modified as well. I have a hard time believing that the administrative password was changed from the default, and encryption/authentication was NOT enabled on the wireless router as well. That means the attack firmwares may actually have to store intercepted packets in memory and break the wireless encryption. I seriously wonder if those wireless routers have enough processing power and/or memory to perform such attacks in the first place.

If the worm does not copy those settings back, then any resultant disruption of services due to the missing settings will alert the owner to check on the device. If they call tech support, the first thing they ask is what the current firmware revision is and they may direct the owner to update the firmware to correct the error.

If the local subnet was changed from default, the owner will notice that right away too. If they type in 192.168.x.1 and don't get the page they were expecting, then regardless of their level of experience, they are going to investigate.

Too many problems with this whole Wi-Fi firmware "virus" to begin with. I could spend the whole day coming up reasons that its bullshit.]]>Jan 5th 2008 12:44PM