Linksys Router Malware “The Moon” Could Make Browsing On Your Android Device Slow

Are you suffering from slow browsing issues on your Android device while connected to your Linksys home router? There’s a huge possibility that the problem isn’t on your mobile device but on your router itself. A new malware has just been discovered called “The Moon” that affects Linksys routers. The affected models include E300, E900, E1000, E1200, E1500, E1550, E2000, E2100L, E2500, E3000, E3200, E4200, WAG320N, WAP300N, WES610N, WAP610N, WRT610N, WRT400N, WRT600N, WRT320N, WRT160N, and WRT150N.


Linksys has released a statement regarding this issue saying that “Linksys is aware of the malware called The Moon that has affected select older Linksys E-series Routers and select older Wireless-N access points and routers.  We will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.”

The Moon was first discovered by the SANS Institute’s Internet Storm Center which issued a public notification about the threat last February 12. What this malware does is that it bypasses the authentication of the router by logging in even without the username and password. Once it is able to enter the router it floods the network with traffic on ports 80 and 8080. This results in heavy activity and will slow down the Internet connectivity across all devices.

To avoid getting this malware, users who own any of the affected Linksys products should patch their devices and disable the remote admin interface. It is also better if firewall rules to block inbound connections are set.

Linksys has also released several steps that consumers can tale to prevent The Moon from infecting the home network.

  • Access the router’s web-based setup page.
  • Verify if your Linksys router has the latest firmware.  The current firmware version can be seen in the upper-right corner of the web-based setup page.  If your router doesn’t have the latest firmware version, update it through the Linksys Support Site.
  • Once you have verified that the router has the latest firmware, click the Administration tab.
  • Make sure that the Remote Management option under the Remote Management Access section is set to Disabled.
  • Click the Security tab.
  • Make sure that the Filter Anonymous Internet Requests option under Internet Filter is checked.
  • Click Save Settings.
  • Powercycle the router by unplugging it from the power source then plugging it back in.  This should clear the cache and remove the malware if your router has been infected.

via linksys