Psybot: Botnet Based on Home Network Routers
DroneBL a distributed DNS Blacklist service, says in a recent blog post that a botnet named Psybot gained control of approximately one hundred thousand routers and that it became a victim of a distributed denial-of-service (DDoS) attack that was carried out by this botnet.
A botnet consisting primarily of routers is actually rather unusual. Usually Windows PCs are enslaved to act like zombies in a botnet. Psybot seems to have specialised in attacking small home network routers that run an embedded Linux for MIPS CPUs.
According to a description [.pdf] by Terry Baume, the Netcomm NB5 is one of the main targets. Baume says that for older versions of the DSL modem with router functionality, the web interface and an SSH port were directly accessible from the internet, access didn't even require a password. While this problem was later solved with a firmware update, it is questionable whether this update was installed on all the routers.