New 'Chuck Norris' Botnet Infects Routers, Modems

Dennis Faas's picture

A new botnet named after perhaps the most famous American-born martial arts actor of all time is causing quite a stir across the Internet. The botnet received its name from a comment (written in Italian) in its source code: "in nome di Chuck Norris", which translates to "in the name of Chuck Norris".

So, how does one get infected with the infamous Chuck Norris botnet?

Those who have yet to change the default password on their home router are the most susceptible to an attack.

Norris Infects DSL Modems and Routers

The Chuck Norris botnet is also unusual because it infects DSL modems and routers rather than personal computers. More specifically, it installs itself on routers and modems by guessing default administrative passwords.

The botnet also takes advantage of the fact that many devices are configured to allow remote access. It preys on a known vulnerability in D-Link devices as well.

Once installed in the memory of the router, the botnet blocks remote communication ports and scans the network for other susceptible machines.

This is not the first time a botnet like Chuck Norris has caused an online disturbance. Similar to Psyb0t (a previous botnet model), Chuck Norris can infect a MIPS-based device running the Linux operating system if its administration interface has a weak username and password.

Czech Researchers Catch Chuck

The Chuck Norris botnet was first discovered by Czech researchers.

Since its discovery, it has not stopped taking advantage of poorly configured routers and DSL modems, according to Jan Vykopal, the head of the network security department with Masaryk University's Institute of Computer Science in Brno, Czech Republic.

While the news may seem a bit bleak, there is one way for honest computer users to wriggle out of the Chuck Norris botnet death grip. Since the botnet lives in the RAM (random access memory) of the router, it can be removed via a router restart, which is as easy as unplugging the router and plugging it back in.

Users should also take this opportunity to consider the strength (or weakness) of those vital passwords barring entry to their routers and PCs.
