At the end of 2004, we are seeing a sharp increase in spam, driven by botnets that have grown throughout the year. Major national services have strengthened filters, but some attacks still manage to bypass blocks.
At the same time, the first attacks targeting home routers provided by internet service providers are beginning to emerge. The most affected devices are models with default passwords yet to be changed, such as the popular Thomson SpeedTouch 510/530. Attackers exploit these credentials to change DNS, open ports, or use the connection to send spam.
There are also more attempts to exploit exposed services such as SSH and Webmin, especially in small businesses that rely on older servers.
Prediction and recommendations:
If this trend continues, 2005 could bring large-scale automated attacks, especially on equipment with factory settings.
Recommendations:
– Immediate change of default router passwords.
– Disabling remote management when not necessary.
– Verification of DNS entries in SpeedTouch to ensure they have not been tampered with.
– Strengthening of spam filters in corporate environments.
