Botnets are networks of infected devices that cybercriminals use to launch attacks, such as the mass sending of spam emails, denial of service attacks or DDoS, credential theft, etc. Once a device is infected, it will become part of the botnet network whose goal is to continue expanding.
ASUS routers turned into botnets
Do you have an ASUS router at home? Well, this interests you: Researchers from the cybersecurity company TrendMicro have published a report where warn of the vulnerabilities that the routers of the ASUS brand have and that they are being targeted by the “Cyclops Blink” botnet, which apparently intends to build an infrastructure for new attacks on high-value targets.
According to the affected models, there would be more than 3,500 routers likely to be vulnerable to this threat in Spain. If you have an Asus router, go to this link to find out if your model is among those affected, which we also list below:
- GT-AC5300 firmware por debajo de 126.96.36.199.386.xxxx
- GT-AC2900 firmware below 188.8.131.52.386.xxxx
- RT-AC5300 firmware por debajo de 184.108.40.206.386.xxxx
- RT-AC88U firmware below 220.127.116.11.386.xxxx
- RT-AC3100 firmware below 18.104.22.168.386.xxxx
- RT-AC86U firmware below 22.214.171.124.386.xxxx
- RT-AC68U, AC68R, AC68W, AC68P firmware por debajo de 126.96.36.199.386.xxxx
- RT-AC66U_B1 firmware por debajo de 188.8.131.52.386.xxxx
- RT-AC3200 firmware below 184.108.40.206.386.xxxx
- RT-AC2900 firmware below 220.127.116.11.386.xxxx
- RT-AC1900P, RT-AC1900P firmware por debajo de 18.104.22.168.386.xxxx
- RT-AC87U (EOL)
- RT-AC66U (EOL)
- RT-AC56U (EOL)
If you do not see it in the list, you can rest easy. If you see it, do the following to recover it:
- Reset the device to factory settings: Sign in to web graphical user interface (http://router.asus.com), go to Administration > Restore/Save/Load Settings, click “Initialize all settings and clear all data log”, and then click the Restore button.
- Update all devices to the latest firmware.
- Make sure the default admin password has been changed to a more secure one.
- Disable remote management (Deactivated by default, can only be activated through advanced settings).