• arrakarkA
    link
    fedilink
    English
    arrow-up
    38
    ·
    2 days ago

    I have a TP-Link router. Maybe I’m an idiot, but I searched around for a bit and I literally could not find which models of router were effected. All articles about Botnet-7777 are frustratingly vague with this.

    • finitebanjo@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 day ago

      If you don’t use Microsoft Azure cloud services then it shouldn’t matter, for now. Might want to just avoid running those for a little while.

      The article also says:

      It’s unclear precisely how the compromised botnet devices are being initially infected. Whatever the cause, once devices are exploited, the threat actors often take the following actions:

      • Download Telnet binary from a remote File Transfer Protocol (FTP) server
      • Download xlogin backdoor binary from a remote FTP server
      • Utilize the downloaded Telnet and xlogin binaries to start an access-controlled command shell on TCP port 7777
      • Connect and authenticate to the xlogin backdoor listening on TCP port 7777
      • Download a SOCKS5 server binary to router
      • Start SOCKS5 server on TCP port 11288.

      So maybe setting up some firewall rules could also help prevent further problems.