Keep home and office routers up-to-date to protect against infections


ScottWright
Group Administrator

Subject: Keep home and office routers up-to-date to protect against infections
Risks in the News
posted by ScottWright on Thursday, March 26th 2009 @ 7:47 AM

Whether you are a home user, or a business's IT manager, there is a new virus spreading around the Internet that should cause you to take note. It targets routers - the equipment many home users and offices use to enable multiple computers to use one connection. Routers are also sometimes used to protect networks from outside attacks by hackers.

The Psybot virus (click HERE for more info) actually takes over routers, creating a large BOTNET that uses infected devices to launch attacks on other computers using SPAM or other techniques. Botnets can contain thousands or millions of computers (or in this case, devices) that are infected without their owners knowing about it.

The bottom line is that you should make sure your router is up to date. It's not usually hard to update a router. But the process is sometimes a bit different from updating software on your computers.

You should consult your router's documentation, which probably came on a CD, or may be accessible from its Admin page. If you can't find the documentation (or the admin page, for that matter), check the make and model of your router and then search the Internet for those keywords, plus the search term "owner's manual" or "owner's guide". You should be able to find some online documentation that tells you how to "update the router's firmware". Many people never update their routers, which can leave the door open for these kinds of problems.

In many routers, you may need to download a file from the manufacturer's website, and then find a command to upload the file to the router's Admin page. The router will probably have to be restarted, and should then be up to date.

Final Note: Don't let the fact that this virus is targeting LINUX operating systems fool you. Even though your computer may use Microsoft Windows, the router is a different device, and many of them use the LINUX operating system.

________________________________
Scott Wright
The Streetwise Security Coach

Would your organization be interested in obtaining the right to use my lessons or articles in your enterprise security awareness program? Please email me at the address below...

Email: scott@streetwise-security-zone.com
Twitter: http://www.twitter.com/streetsec
Phone: 613-693-0997
Podcast: http://www.streetwise-security-zone.com/podcast.html

PeterWhittaker
Professional

Subject: Let's not panic just yet (RE: Keep home and office routers up-to-date to protect against infections)
Risks in the News
posted by PeterWhittaker on Thursday, March 26th 2009 @ 8:21 AM

A couple of points right up front:

1) The exploit targets routers that have an admin interface exposed to the Internet AND that use poor passwords.

2) It is easy to detect if your router is compromised: You cannot connect to it via telnet, SSH, or HTTP.

3) The exploit appears to have been shut down by the operator. But who knows what's coming next?

In other words, let's not panic and flash our EEPROMs just yet.

(But then again, I don't believe in patching as the first solution to security problems.)

Re #1: By default, routers do NOT expose admin interfaces to the web, so this attack exploits systems where an admin has changed default router settings.

Re #1 and the previous comment: Any admin who opens admin interfaces to the Internet BUT does not use strong passwords or certificates should be shot, then fired.

Re #2: If you can connect to your router, it should be sufficient to double check that admin interfaces are not exposed AND that your admin passwords are strong. You should always change the admin password to something strong.

Re #2 and the previous comment: If you must expose admin interfaces to the Internet, use certificate authentication. If you do not know how to do this, DO NOT expose admin interfaces to the Internet. End of story. (Epilogue: If you don't know how to use certificate authentication and you do expose admin interfaces to the Internet, you should be shot.)

Re all of the above: Some commenters have predicted that the next round will be a web-page-based exploit that attacks the router from the inside, such as a JavaScript application running on your PC that attempts to connect to your router from the LAN side using poor/default passwords, in order to open the router's admin interface to the Internet in order to make it vulnerable to this exploit. Nice, eh?

In other words, connect to your router right now and make the admin password strong.
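One way to run the self-check from point 2 of the reply above on the LAN side, as an added example that is not from the original thread: it probes the three admin services the reply names (telnet, SSH, HTTP) on the router's LAN address and maps the outcome onto the thread's advice. The gateway address you pass in, and the local listener used for the offline demo, are assumptions; point it at your own router's LAN address.

```python
import socket

# Admin services named in the reply: an infected router stops answering on them.
ADMIN_PORTS = {"telnet": 23, "ssh": 22, "http": 80}


def probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_admin_services(host, ports=None, timeout=2.0):
    """Return {service_name: reachable} for the router's LAN-side admin services."""
    ports = ports or ADMIN_PORTS
    return {name: probe(host, port, timeout) for name, port in ports.items()}


def interpret(results):
    """Map probe results onto the thread's advice as one of three verdicts."""
    reachable = [name for name, ok in results.items() if ok]
    if not reachable:
        return "none-reachable"  # matches the infection symptom described: investigate
    if "telnet" in reachable:
        return "telnet-open"     # cleartext admin login: prefer SSH/HTTPS, set a strong password
    return "reachable"           # log in, confirm WAN-side admin access is off, set a strong password


def start_local_listener():
    """Constructed stand-in for a router admin port: a listener on 127.0.0.1, ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Offline demo: a local listener plays the HTTP admin port; port 1 plays a closed telnet port.
    # Against a real router, replace the host with its LAN address (assumed, e.g. 192.168.1.1)
    # and use the default ADMIN_PORTS.
    srv, port = start_local_listener()
    results = check_admin_services("127.0.0.1", {"http": port, "telnet": 1})
    srv.close()
    print(results, "->", interpret(results))
```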