New bot may threaten Cisco routers

Eric B. Parizo, Executive Editor

The security of networking gear from Cisco Systems Inc. is once again in the spotlight as a new bot threatens the networking giant's routers just as another flaw is patched.

Symantec Corp. and the SANS Internet Storm Center are among the sources to confirm the existence of W32.Spybot.ZIF, a network-aware bot that propagates by exploiting various Windows vulnerabilities.

According to Symantec, the bot "opens a back door by contacting an IRC server on the domain, through TCP port 6667." More specifically, it reportedly causes a boundary error when the authentication proxy is processing user authentication credentials.

As a result, a remote attacker can perform a number of functions on a compromised computer, some of which include:

  • Scan a specified network range for Cisco routers that may have vulnerable Telnet or HTTP servers running and report results back to IRC.
  • Start and stop threads and processes
  • Retrieve clipboard data
  • Steal passwords from protected storage
  • Perform a denial of service (DoS) attack

    While instances in the wild so far have been few, Symantec

    • Requires Free Membership to View

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: