@[email protected] to [email protected]English • 1 year agoMystery malware destroys 600,000 routers from a single ISP during 72-hour spanarstechnica.comexternal-linkmessage-square26fedilinkarrow-up1208
arrow-up1208external-linkMystery malware destroys 600,000 routers from a single ISP during 72-hour spanarstechnica.com@[email protected] to [email protected]English • 1 year agomessage-square26fedilink
minus-squareStarDreamerlinkfedilinkEnglish13•1 year agoAs someone who works with 100Gbps networking: why the heck do these routers run Lua of all things???
minus-square@[email protected]linkfedilinkEnglish2•1 year agoI imagine the malware binary includes a lua interpreter for executing scripts fetched from its command and control server.
minus-squareMax-PlinkfedilinkEnglish9•1 year agoOpenWRT uses Lua for its web UI. The interpreter can be really small which works well for tiny embedded devices with mere megabytes of storage, and it’s much safer than writing a web GUI entirely in C.
minus-squareStarDreamerlinkfedilinkEnglish2•1 year agoYeah I completely forgot about the consumer side of things. I was expecting there being Cisco iOS/FRR router configs, not a full web dashboard.
As someone who works with 100Gbps networking:
I imagine the malware binary includes a lua interpreter for executing scripts fetched from its command and control server.
OpenWRT uses Lua for its web UI. The interpreter can be really small which works well for tiny embedded devices with mere megabytes of storage, and it’s much safer than writing a web GUI entirely in C.
Yeah I completely forgot about the consumer side of things. I was expecting there being Cisco iOS/FRR router configs, not a full web dashboard.