Computerworld is
reporting the possibility of a worm or bot in the wild that is specifically targeting D-Link branded routers. It refers to a three year old vulnerability which Symantec security researchers believe is being exploited by a new exploit. Apparently, the Symantec security response team has seen an increase in attack activity as it relates to D-Link devices.
Oliver Friedrichs, director of the Symantec security response team, is quoted as saying that it looks like hackers are "exploiting the SNMP vulnerability to reset and reconfigure the administrative password on the routers" after scanning TCP port 23 for an active SNMP service.
The report goes on to suggest that router vulnerabilities are up, and unsurprisingly so are attacks against routers as a result. Unfortunately, there is no comment from D-Link itself with regard to whether it had investigated if this vulnerability was being exploited, nor indeed if it had ever been patched.
