New Botnet Worm 'Psyb0t' Targets Modems, Routers

Dennis Faas's picture

A new type of worm has been reported to infect 55 different home-based routers and DSL/cable modems has been discovered. Originating in Australia, Psyb0t, is the first worm capable of infecting residential routers and modems, including common brands like Linksys and Netgear.

A blog post from DroneBL researchers says that Psyb0t (also known as Bluepill) is suspected of infecting at least 100,000 hosts. (Source:

Check Your Vulnerability

According to DroneBL, you're only vulnerable if:

  • Your network device is a mipsel device
  • Your device allows telnet, SSH or web-based interfaces via the Wide Area Network (WAN)
  • Your username and password combinations are weak, or the daemons that your firmware uses are exploitable

Devices using custom firmware such as OpenWRT and DD-Wrt are also vulnerable. The routers and modems that end up infected do so typically because of an incorrect or lax configuration. (Source:

Plenty Of Time to Infect Devices

According to PC World, Psyb0t is armed with 6,000 common usernames and 13,000 popular passwords that it uses in dictionary attack to gain access to your network. (Source:

Many routers allow unlimited attempts to enter the correct username and password, which makes them a perfect target. Since most routers and modems are usually on 24 hours a day, the worm (which is powered through a botnet) has plenty of time to try gaining access.

Psyb0t is hard to detect and most home users may not be aware that they're infected. Once infected, the worm carries out commands from the author, creating a botnet.

Threat Posed by Psyb0t May be Overstated

APC Magazine reports that the botnet capabilities for this worm are no longer active. (Source:

The DroneBL blog says that the threat posed by Psyb0t is overstated. However, its appearance is troubling since it is so hard to detect and could be used to steal a user's personal information. (Source:

Regardless, it's very important to take precautionary measures such as making sure you don't use the default password and username that came with your modem / router (for example). Don't use weak or easy-to-guess passwords and usernames, either.

If you're afraid you may be infected, performing a simple factory reset will kill the worm, but then you'll have to make sure to change your default user name / password login. (Source:

More information on the Psyb0t worm can be found from the DroneBL blog.

Visit Bill's Links and More for more great tips, just like this one!

Rate this article: 
No votes yet