ESET researchers have identified a worm that is targeting cable modems, DSL modems, and home routers in order to pull off massive social networking fraud. The worm “hijacks victims’ internet connections in order to ‘like’ posts and pages, ‘view’ videos, and ‘follow’ other accounts,” according to a blog post written at We Live Security Blog.


The technical paper released by ESET says, “the Moose worm does not rely upon any underlying vulnerability in the routers – it is simply taking advantage of devices that have been weakly configured with poorly chosen login credentials. Unfortunately, this means that devices other than routers can be impacted by the worm in the form of accidental collateral damage. ESET’s team believes that even medical devices, such as the Hospira drug infusion pump, could be infected by the Linux/Moose worm.”

Moose Malware is on the loose and infecting Linux-based routers and devices running on the ARM and MIPS architectures. The name seems kind of goofy, dubbed Moose Olivier Bilodeu and Thomus Dupey of ESET, but clearly the threat this worm presents is not.

According to a graphic presented by ESET in their technical paper, the top three targets of the attack appear to be Instagram, Twitter, and SoundCloud. Other targets of the attack include Facebook, Google, Live, Yahoo, YouTube, and Vine. Sadly, there are plenty of people and companies out there who have no problem with hiring third-parties to help them manipulate their social standing, and the fake “likes” and “follows” that Moose provides will be hard for marketing teams to pick up. Especially those who, as We Live Security put it, “are keen to impress their bosses.”

Consumers are being advised to install the latest security patches, update passwords, and be on guard. For more information about the worm and how to protect yourself and your devices, read the technical paper released from ESET’s experts “Dissecting Linux/Moose (pdf).”