Lizard Stresser service is powered by hacked home routers

Latest investigation by Brian krebs reveals that Lizard Stresser [ lizardstresser[dot]su ], a DDOS service launched late last year by a group called Lizard Squad is powered by hacked home routers. Lizard Stresser allows anybody to purchase a DDOS attack for a time period and the amount of time varies between the plan they are subscribing to. Lizard squad through their twitter account @LizardMafia claimed that it was Lizard Stresser behind the downtime for 4Chan website.

Someone is hitting 4chan with our booter, loling irl
— R.I.U. Lizard Squad (@LizardMafia) January 3, 2015

Latest article published at krebsonsecurity blog, reveals that latest evidence documenting a big uptick in the hacking of Internet routers. Over the past 18 months, researchers have uncovered several other large-scale attacks on routing devices, including those made by Asus, Linksys, and many other manufacturers. Routers are often ripe targets because users fail to change default passwords, and the devices often contain security vulnerabilities that can easily be exploited by attackers halfway around the globe.

Lizard squad
Lizard squad

As per the krebsonsecurity article, malicious code that converts vulnerable systems into stresser bots is a variation of Linux.BackDoor.Fgt.1 first documented in November by Russian security firm Dr. Web, but the malware itself appears to date back to early 2014.

As we can see in that writeup, in addition to turning the infected host into attack zombies, the malicious code uses the infected system to scan the Internet for additional devices that also allow access via factory default credentials, such as “admin/admin,” or “root/12345”. In this way, each infected host is constantly trying to spread the infection to new home routers and other devices accepting incoming connections (via telnet) with default credentials.

The botnet is not made entirely of home routers; some of the infected hosts appear to be commercial routers at universities and companies, and there are undoubtedly other devices involved. The preponderance of routers represented in the botnet probably has to do with the way that the botnet spreads and scans for new potential hosts. But there is no reason the malware couldn’t spread to a wide range of devices powered by the Linux operating system, including desktop servers and Internet-connected cameras.

Lizard squad is notorious for the DDOS attacks which knocked down PSN and XBOS last year on Christmas day and attack on tor network. Lizard squads attack on PSN and XBOX, later identified as an elaborate commercial for their new DDOS service called Lizard Stresser.