Just like Microsoft in desktop PCs, Cisco devices are the dominant device in networking. A hacker has developed a "rootkit" that can do malicious things to the router and perhaps traffic flowing through it -- undetected. Of course, the would be hacker would have to obtain the router admin password which would be "Very Difficult To Do". Not. (Hint: try password, Password, Password1 or P@55w07d. If none of those work try starfleet ship names or planets from st@r w@rs)
May 14 - Hacker writes rootkit for Cisco's routers.
A security researcher has developed malicious rootkit software for Cisco Systems' routers, a development that has placed increasing scrutiny on the routers that carry the majority of the Internet's traffic. A researcher with Core Security Technologies developed the software, which he will unveil on May 22 at the EuSecWest conference in London. Rootkits are stealthy programs that cover up their tracks on a computer, making them extremely hard to detect. To date, the vast majority of rootkits have been written for the Windows operating system, but this will mark the first time that someone has discussed a rootkit written for IOS, the Internetwork Operating System used by Cisco's routers. "An IOS rootkit is able to perform the tasks that any other rootkit would do on desktop computer operating systems," said the developer. Rootkits are typically used to install key-logging software as well as programs that allow attackers to remotely connect with the infected system. A Cisco rootkit is particularly worrisome because, like Microsoft's Windows, Cisco's routers are very widely used. Cisco owned nearly two- thirds of the router market in the fourth quarter of 2007, according to research firm IDC. In the past, researchers have built malicious software, known as "IOS patching shellcode," that could compromise a Cisco router, but those programs are custom- written to work with one specific version of IOS. The new rootkit will be different. "It could work on several different versions of IOS," he said. The software cannot be used to break into a Cisco router -- an attacker would need to have some kind of attack code, or an administrative password on the router to install the rootkit, but once installed it can be used to silently monitor and control the device.
Source:
http://www.pcworld.com/businesscenter/article/145898/hacker_writes_rootkit_for_ciscos_routers.html
Sent via BlackBerry by AT&T
