To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
How are you defining network operators? Do you mean by the normal [in most cases home] user?

Apparently Flash is able to allow UPnP access per PDP's posting at www.gnucitizen.org. Apparently this is not a flaw and is a feature (we've heard that before) of Flash and works as advertised. However, most of the broadband routers have UPnP open by default, so all a malicious SWF file has to do is start taking action via UPnP from your Linksys/NetGear/D-Link/etc. home router. You might want to look into disabling this function as it apparently doesn't support any form of authentication.

Steven

On Wed, 16 Jan 2008 12:10:40 -0600 (CST), Gadi Evron <[EMAIL PROTECTED]> wrote:
> Props to Jeff Chan who I saw it from.
>
> Yes, I still believe these ISP distributed machines called broadband routers are a network operators issue. But not all may agree on that.
>
> ------
> http://news.yahoo.com/s/pcworld/20080116/tc_pcworld/141399
>
> Flash Attack Could Take Over Your Router
>
> Robert McMillan, IDG News Service Tue Jan 15, 7:08 PM ET
>
> Security researchers have released code showing how a pair of widely used technologies could be misused to take control of a victim's Web browsing experience.
>
> The code, published over the weekend by researchers Adrian Pastor and Petko Petkov, exploits features in two technologies: The Universal Plug and Play (UPnP) protocol, which is used by many operating systems to make it easier for them to work with devices on a network; and Adobe Systems' Flash multimedia software.
>
> By tricking a victim into viewing a malicious Flash file, an attacker could use UPnP to change the primary DNS (Domain Name System) server used by the router to find other computers on the Internet. This would give the attacker a virtually undetectable way to redirect the victim to fake Web sites. For example, a victim with a compromised router could be taken to the attacker's Web server, even if he typed Citibank.com directly into the Web browser navigation bar.
>
> "The most malicious of all malicious things is to change the primary DNS server," the researchers wrote. "That will effectively turn the router and the network it controls into a zombie which the attacker can take advantage of whenever they feel like it."
>
> Because so many routers support UPnP, the researchers believe that "ninety nine percent of home routers are vulnerable to this attack."
>
> In fact, many other types of UPnP devices, such as printers, digital entertainment systems and cameras are also potentially at risk, they added in a Frequently Asked Questions Web page explaining their research.
> [...]

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
