@[email protected] to [email protected]English • 11 months agoMystery malware destroys 600,000 routers from a single ISP during 72-hour spanarstechnica.comexternal-linkmessage-square26fedilinkarrow-up1208
arrow-up1208external-linkMystery malware destroys 600,000 routers from a single ISP during 72-hour spanarstechnica.com@[email protected] to [email protected]English • 11 months agomessage-square26fedilink
minus-squareStarDreamerlinkfedilinkEnglish13•11 months agoAs someone who works with 100Gbps networking: why the heck do these routers run Lua of all things???
minus-square@[email protected]linkfedilinkEnglish2•11 months agoI imagine the malware binary includes a lua interpreter for executing scripts fetched from its command and control server.
minus-squareMax-PlinkfedilinkEnglish9•11 months agoOpenWRT uses Lua for its web UI. The interpreter can be really small which works well for tiny embedded devices with mere megabytes of storage, and it’s much safer than writing a web GUI entirely in C.
minus-squareStarDreamerlinkfedilinkEnglish2•11 months agoYeah I completely forgot about the consumer side of things. I was expecting there being Cisco iOS/FRR router configs, not a full web dashboard.
As someone who works with 100Gbps networking:
I imagine the malware binary includes a lua interpreter for executing scripts fetched from its command and control server.
OpenWRT uses Lua for its web UI. The interpreter can be really small which works well for tiny embedded devices with mere megabytes of storage, and it’s much safer than writing a web GUI entirely in C.
Yeah I completely forgot about the consumer side of things. I was expecting there being Cisco iOS/FRR router configs, not a full web dashboard.