Look out for traffic to and from these IP addresses and ports
November 8th, 2018, By Richard Chirgwin
Once again, a hundred thousand or more home routers have been press-ganged into a spam-spewing botnet, this time via Universal Plug and Play (UPnP).
According to brainiacs from 360 Netlab, the malware exploits vulnerabilities in a Broadcom UPnP implementation to infect vulnerable gateways, and that means a load of router manufacturers are affected because their kit uses that technology.
Equipment built by Billion, D-Link, Linksys, Technicolor, TP-Link, ZTE, Zyxel, and Australian supplier NetComm, plus a bunch of devices supplied under ISP brands like CenturyLink and Australian ISP iiNet, are among the 116 device models identified as infected by the malware.
Full Article.