A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips At least 116 different router models are infected by unusually well-written malware. A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made from a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light. Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means. Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail. ... https://arstechnica.com/information...g-on-a-5-year-old-upnp-bug-in-broadcom-chips/ --------------- Personally, I keep my router's firmware updated, but it is apparently a manual process that does not happen automatically. It should be a no-brainer for such devices to install updates periodically to protect against such exploits. If Windows 10 is going to force updates, routers should also.
Now that you mention it, I think my ISP does the same thing with their DSL modem/router units. I use my own, though, because I wanted the option to use custom DNS servers. I could change that setting in their unit, but then I'd find it magically reset to their servers when next I would check.