The Moose Linux Router Worm is more like Bullwinkle, honestly

© June 2015 Anthony Lawrence

I've been seeing frightening headlines about a new threat to Linux-based routers. "Moose - the router worm with an appetite for social networks", "Dissecting the Linux/Moose malware", "Moose worm targeting Linux-based routers and systems" and more. Bar the door and get out the rifles, boys: we are under attack!

There's even an imposing list of "affected vendors": 3Com, Alcatel-Lucent, Allied Telesis, Avaya, Belkin, Brocade, Buffalo, Celerity, Cisco, D-Link, Enterasys, Hewlett-Packard, Huawei, Linksys, Mikrotik, Netgear, Meridian, Nortel, SpeedStream, Thomson, TP-Link, Zhone, ZyXEL and more. Forget the rifles, we need cannons!

Really? According to an Ars Technica article that came complete with a scary graphic, the Linux/Moose malware "exploits routers open to connections from the Internet via Telnet by performing brute-force login attempts using default or common administrative credentials".

Say what? Telnet? Default credentials?

Honestly, how can you look at me with a straight face and call this a Linux security issue? ANY ROUTER WITH DEFAULT CREDENTIALS IS A SECURITY THREAT! This isn't a Linux security issue; it's an idiot's security issue!

On my systems, I'm meeting this threat head-on by doing absolutely nothing. I never had Telnet open to start with, and default credentials were changed before any of my routers first connected to the internet. Linux security threat? Nonsense.

The Moose is loose: Linux-based worm turns routers into social network bots

