Rootkit Written Targeting Cisco Routers

According to this article posted on CSO Online, a security researcher named Sebastian Muniz has created a rootkit that will work on "several different versions of IOS." 

One of the concepts that I have been throwing out there since we originally started talking about drive-by pharming (aka DNS Rebinding attack) is the potential of similar vulnerabilities being exploited in an effort to move malware infections out closer to the network edge and create a "router bot" whereby a compromised router could potentially be used for the distribution of spam, viruses, and malware similar to how PCs are used today.  This would be even more difficult to detect than a PC based malware infection, however as I do not believe that there are any network device based rootkit/malware detection engines that even exist right now (please do correct me if I am wrong here) although this may certainly create a market for them.  Would you be able to easily detect if your router was being used to distribute spam if it wasn't affecting your web browsing or normal internet usage?  Not likely.

One of the things that concerned me from the article was the quote from EuSecWest conference organizer Dragos Ruiu where he said that "nobody thought you could actually build exploits for Cisco."  This is a dangerous attitude to have for any software application.  I like to say "Where there is software, there are vulnerabilities."  This is often followed by "Where there are vulnerabilities, there are exploits" although far more vulnerabilities exist than there are exploits written for them. 

One should never assume that software is hacker-proof.  It very well may be (however unlikely), but even making the assumption or suggestion is when you've conceded that your guard has been let down.  Always remain diligent in your pursuit of security!

Ok, I'll step off my soapbox now.  Have a great weekend!