Lizard Stresser hacking tool relies on compromised home routers

Security expert Brian Krebs and a research team discovered that the Lizard Stresser DDoS tool relies on compromised Home Routers.

Over the holidays the Lizard Squad team knocked out the networks of Sony PSN and Microsoft Xbox live service using a tool they have designed to run DDoS attacks. The tool is dubbed Lizard Stresser and according to the security expert Brian Krebs its firepower is composed by thousands of hacked home Internet routers.

The Lizard Squad recently elaborated also a commercial offer for the Lizard Stresser which is proposing it with an attack-as-a-service model for sale.

The Lizard Stresser tool is a powerful DDoS tool that draws on Internet bandwidth from hacked home Internet routers worldwide.

The security experts in the last months have uncovered numerous campaigns targeting home routers and more in general SOHO devices exploiting known vulnerabilities in their firmware or poorly configured devices configured with default factory settings.

“As I noted in a previous story, the booter service — lizardstresser[dot]su — is hosted at an Internet provider in Bosnia that is home to a large number of malicious and hostile sites. That provider happens to be on the same “bulletproof” hosting network advertised by “sp3c1alist,” the administrator of the cybercrime forum Darkode. Until a few days ago, Darkode and LizardStresser shared the same Internet address. Interestingly, one of the core members of the Lizard Squad is an individual who goes by the nickname “Sp3c.”” states Brian Krebs in his blog post.

Analyzing the code of the malware used to recruit bot for the Lizard Stresser, Krebs discovered that the IP addresses of the botnet controller are hardcoded (217.71.50.x). The code used by the Lizard Squad is a variant of a Linux malware first discovered in November 2014 by experts at Dr. Web, it is able to run the attack and to scan the Internet searching for other devices to compromise.

Brian Krebs conducted the analysis with the support of a research team, which is also involved in investigation with law enforcement.

Below a few suggestions to improve the security of your home devices and avoid to be compromised by hackers:

Change the default credentials on the router by choosing a strong password.
Enable wireless encryption on your router. It is suggested to enable WPA2 that is actually the strongest encryption technology available.
Be aware of “Wi-Fi Protected Setup” (WPS) technology implemented by many routers to facilitate device configuration. Unfortunately, this technology could open the door to hacker even if you are using a WPA connection. I suggest you to disable WPS, you can do it accessing the router’s administration page.
Keep the firmware of your router updated.

Krebs suggests the reading of an interesting tutorial to improve security of your PC, “Tools for a Safer PC,” and I share his recommendation

Pierluigi Paganini

(Security Affairs – home router, Lizard Stresser)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.