It has been drawn to our attention that there are concerns about early versions of NetComm NB5 routers being compromised by a Botnet known as PSYB0T. This is due to the WAN (Wide Area Network) configurability of some of these modem-routers being set to ON by default. In cases where users have NOT changed their password away from the factory default of admin, the devices can then potentially configured by external parties via the Internet.

It has been drawn to our attention that there are concerns about early versions of NetComm NB5 routers being compromised by a Botnet known as PSYB0T. This is due to the WAN (Wide Area Network) configurability of some of these modem-routers being set to ON by default. In cases where users have NOT changed their password away from the factory default of admin, the devices can then potentially configured by external parties via the Internet.

It is of course not only NetComm routers that can be affected by this bot. Many other brands of similar vintage may be compromised, especially when owners have not changed the factory password settings or kept their device up-to-date with the latest firmware.

Who could be affected?

The NB5 versions that are potentially affected were shipped between June 2005 and December 2005.

The best way for customers to check if they have an NB5 shipped during this time is to look at the label on the bottom of the unit. The units in question will display a Firmware Number (F/W) beginning with either 38. or 62. (For example 62.51.1)

Amongst this small group of versions, the Bot only has the potential to manifest in those devices where users have not changed their default password and upgraded to the latest firmware.

Since the issue with WAN configuration being set to ON was recognized four years ago, all NetComm devices and firmware upgrades have been designed with the WAN configuration defaulting to OFF.

This means that any NetComm device other than those with the model, date and F/W ranges described above are not affected by this vulnerability.

This possible issue with a small number of NB5 versions was first mentioned to us late in 2008. Subsequent testing by NetComm engineers has confirmed that our other products are not affected.

What can be done?

As with any device, changing the default password on your router and upgrading to the latest firmware version is crucial. Since viruses like PSYBOT can also rely on a brute force dictionary-based attack to crack passwords, choosing a password that is not based upon actual words is best. Always include a mixture of characters and numbers in any password to increase its strength.

Instructions for changing the username and password can be found in the User Manual of the NB5. If required, this can be found on the NetComm website at http://media.netcomm.com.au/public/assets/pdf_file/0015/13632/NB5_UG.pdf

To upgrade to the latest version of firmware for any NetComm device, please go to http://www.netcomm.com.au/support

Additionally, should any owner of any NetComm router have any questions or concerns, they are welcome to contact our Technical Support staff by phone or email. Contact details for all states are available at http://www.netcomm.com.au/contact_us 

Further enquiries can be directed to:
Mat Hardy
NetComm PR Manager
MatthewH@netcomm.com.au
0414 416 622