Lizard Stresser hacking tool relies on compromised home routers

Security expert Brian Krebs and a research team discovered that the Lizard Stresser DDoS tool relies on compromised Home Routers.

Over the holidays the Lizard Squad team knocked out the networks of Sony PSN and Microsoft Xbox live service using a tool they have designed to run DDoS attacks. The tool is dubbed Lizard Stresser and according to the security expert Brian Krebs its firepower is composed by thousands of hacked home Internet routers.

The Lizard Squad recently elaborated also a commercial offer for the Lizard Stresser which is proposing it with an attack-as-a-service model for sale.

The Lizard Stresser tool is a powerful DDoS tool that draws on Internet bandwidth from hacked home Internet routers worldwide.

The security experts in the last months have uncovered numerous campaigns targeting home routers and more in general SOHO devices exploiting known vulnerabilities in their firmware or poorly configured devices configured with default factory settings.

“As I noted in a previous story, the booter service — lizardstresser[dot]su — is hosted at an Internet provider in Bosnia that is home to a large number of malicious and hostile sites. That provider happens to be on the same “bulletproof” hosting network advertised by “sp3c1alist,” the administrator of the cybercrime forum Darkode. Until a few days ago, Darkode and LizardStresser shared the same Internet address. Interestingly, one of the core members of the Lizard Squad is an individual who goes by the nickname “Sp3c.”” states Brian Krebs in his blog post. 

Analyzing the code of the malware used to recruit bot for the Lizard Stresser, Krebs discovered that the IP addresses of the botnet controller are hardcoded (217.71.50.x). The code used by the Lizard Squad is a variant of a Linux malware first discovered in November 2014 by experts at Dr. Web, it is able to run the attack and to scan the Internet searching for other devices to compromise.

Brian Krebs conducted the analysis with the support of a research team, which is also involved in investigation with law enforcement.

Below a few suggestions to improve the security of your home devices and avoid to be compromised by hackers:

• Change the default credentials on the router by choosing a  strong password.
• Enable wireless encryption on your router. It is suggested to enable WPA2 that is actually the strongest encryption technology available.
• Be aware of “Wi-Fi Protected Setup” (WPS) technology implemented by many routers to facilitate device configuration. Unfortunately, this technology could open the door to hacker even if you are using a WPA connection. I suggest you to disable WPS, you can do it accessing the router’s administration page.
• Keep the firmware of your router updated.

Krebs suggests the reading of an interesting tutorial to improve security of your PC, “Tools for a Safer PC,” and I share his recommendation