BNMC Blog

By accepting you will be accessing a service provided by a third-party external to https://www.bnmc.net/

Spreading Botnet has Years-Old Flaw to Thank

Spreading Botnet has Years-Old Flaw to Thank

When asked how one can prevent threats from attacking a business’ infrastructure, one of the first answers that we’d give is to ensure that all patches have been applied. Doing so will help to stop an attack from infecting your systems, if a patch has been successfully developed. Unfortunately, the recent spread of the BCMUPnP_Hunter botnet is evidence that not enough people are appropriately patching their systems.

Threat Background
This botnet was first spotted in September and has been infecting devices to help support a massive spam email campaign. By scanning for potential targets - routers with the BroadCom Universal Plug and Play (UPnP) feature enabled - BCMUPnP_Hunter is able to effectively zero-in on its victims and infect them. From there, the systems can then be taken over by the hacker.

In this case, it has been surmised that the network created by BCMUPnP_Hunter is intended to send out spam emails, as it creates a proxy that communicates with popular email servers. Attackers can also use botnets to generate an ill-gotten profit by generating fraudulent clicks. It has also become apparent that the person who created this malware has considerable skills.

BCMUPnP_Hunter appears to scan from over 100,000 sources, making this botnet a considerably large one.

How This Proves that Patches Aren’t Being Added
In order to accomplish its goal, BCMUPnP_Hunter relies on the target device having Broadcom UPnP enabled, as the botnet is leveraging a vulnerability in that particular feature to work.

The thing is, this vulnerability was discovered in 2013, and most manufacturers have long since released a patch for it. This would imply that the majority of devices infected by this threat are those that weren’t patched.

The Lesson
The lesson here is simple. Whether it’s for business or personal use, any equipment that is a part of your computing infrastructure needs to be maintained - and that includes applying patches promptly. Granted, they aren’t always broadcast to the public, but that only means that users (especially in the business environment) need to check every now and then.

An IT provider like BNMC can help with that. We’ll monitor both your systems and these kinds of announcements, making sure that your business’ technology is prepared for the latest threats that emerge. Call 978-482-2020 for more information.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, June 05 2020

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Productivity Business Computing Privacy User Tips Cloud Email Network Security Microsoft Hosted Solutions Software Hackers Computer Business Malware Efficiency Communication Google Small Business Data Workplace Tips IT Services IT Support Mobile Devices Hardware Cloud Computing Tech Term Internet Managed IT Services Data Recovery Innovation Ransomware Backup Smartphone Users Outsourced IT Upgrade Windows Mobile Device Smartphones Android Saving Money Miscellaneous Data Backup Business Continuity Disaster Recovery Windows 10 communications VoIP Facebook Server Phishing Information Business Management Browser Microsoft Office Cybersecurity Productivity Office 365 Managed IT Services Network Social Media Data Management Windows 10 Passwords Internet of Things Gmail Gadgets Vulnerability Remote Monitoring Word App Quick Tips Apps Mobile Office Encryption Managed Service Artificial Intelligence Chrome Infrastructure Information Technology Applications Website Router Save Money Employer-Employee Relationship Analytics Company Culture Virtual Reality Tip of the week Settings Managed Service Provider Remote Workers Money IT Support Networking BYOD Access Control VPN IT Management Data Security Google Drive Office Tips Content Filtering Virtual Private Network Bandwidth Robot Big Data Apple Automation Education Paperless Office Employee-Employer Relationship Storage Avoiding Downtime Government Antivirus Hacker Data storage Development Unified Threat Management Computers HIPAA YouTube Maintenance BDR Collaboration Firewall WiFi Risk Management Display Hosted Solution Document Management Humor Server Management Best Practice Business Technology Administration Solid State Drive Touchscreen Vendor Management Mouse Business Intelligence Wireless iOS Monitors Managed IT Chromebook Laptop Going Green Training Tablet The Internet of Things Hard Disk Drive Conferencing Managed Services End of Support Printing Augmented Reality Downtime MSP Marketing Two-factor Authentication Managing Stress Remote Computing Password OneNote Managed IT Service Data Breach Customer Relationship Management Scam Data loss SaaS IT Wi-Fi Telephone Systems Windows 7 desktop Holiday Software as a Service Break Fix Virtualization Social Network Spam Computing Search Outlook Bring Your Own Device Operating System Retail Alert LiFi Social Mobile Security Uninterrupted Power Supply Monitoring Solid State Drives Work/Life Balance Remote Work Work Spyware Shortcuts Mobile Management Customer Service Cyber Monday Typing Smart Tech Running Cable Samsung Current Events Payment Card Cooperation Service Level Agreement Buisness Computer Care IBM Streaming Processor Legislation Health Private Cloud Voice over Internet Protocol File Sharing Employee-Employer Relationships Office Hotspot Internet Exlporer Sports Troubleshooting Business Analysis SharePoint Tech Support Compliance Virtual Desktop Hybrid Cloud Microsoft Excel Logistics Spying National Security Techology IT Technicians Optimization Identity Theft Security Cameras Profiles Smart Technology Cryptocurrency Connectivity Lenovo Social Engineering IT solutions Inventory Staff Leominster Corporate Profile Human Error Memory Statistics Google Docs Modem FinTech Analysis Students How To Language Value G Suite Virus Downloads Websites Regulations Automobile Scalability Mail Merge Blockchain Hacks Asset Management Dell Updates VoIP Unified Threat Management Google Wallet Peripheral Mirgation Recycling Utility Computing Shortcut Distributed Denial of Service Bitcoin IoT Firefox Superfish Safety Shadow IT K-12 Schools WannaCry Device Reducing Cost Bluetooth Comparison Business Growth Cookies Cybercrime Cabling Mixed Reality Memes Computing Infrastructure Professional Services LED Threats Legal Social Networking Google Maps Migration Consulting Address Permissions PowerPoint User Error Unified Communications Drones Chatbots eWaste Laptops Patch Management Network Congestion Windows 8 Star Wars Gamification Wearable Technology Network upgrade Mobility Batteries Specifications Nanotechnology Alerts USB Co-Managed IT Heating/Cooling Multi-Factor Security Deep Learning Motherboard Cables Writing Mobile Device Management Onboarding GDPR Time Management Printer Identity Continuity Digital Payment Managed Services Provider Fraud Cost Management Halloween Slack Hard Disk Drives COVID-19 Smart Office Digital Print Toner Myths Dark Data Black Friday Update Alt Codes Screen Reader Charging Disaster Holidays Licensing Dongle Content Huawei Servers Google Calendar Wires Messaging Emergency Scary Stories Digital Signage Data Warehouse Network Management Politics Budget Solar Entertainment Vendor Dark Web Distribution Assessment How To Recovery Regulation Webcam Error Black Market Point of Sale Ben McDonald shares Law Enforcement Notifications Electronic Medical Records Travel Printers Physical Security Twitter Upgrades Gadget Supercomputer CrashOverride Emoji Crowdsourcing Staffing Motion Sickness Taxes Personal Information Botnet Administrator Web Server what was your? 3D Printing IT Budget Cortana GPS IT Consultant Financial Machine Learning Processors Cameras Unsupported Software Tracking Meetings Cleaning Computer Repair Relocation Mobile Computing CCTV Mobile Data

What Our Clients Say

  • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
  • 1
  • 2
  • 3