How to prevent your Linksys router from getting The Moon malware

Linksys is aware of the malware called The Moon that has affected select older Linksys Wi-Fi Routers and Wireless-N access points and routers.  We will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.

What is The Moon malware?

The Moon malware bypasses authentication on the router by logging in without actually knowing the admin credentials.  Once infected, the router starts flooding the network with ports 80 and 8080 outbound traffic, resulting in heavy data activity.  This can be manifested as having unusually slow Internet connectivity on all devices.
What should I do to prevent this malware from infecting my router?
There are several steps on how to prevent The Moon malware from infecting your network.  Follow the steps below to learn how:

Step 1:
Access the router’s web-based setup page.  
Step 2:
Verify if your Linksys router has the latest firmware.  The current firmware version can be seen in the upper-right corner of the web-based setup page.  If your router doesn’t have the latest firmware version, update it through the Linksys Support Site.  To learn how, click here.

NOTE:  To check the firmware version of a Linksys Smart Wi-Fi Router using Linksys cloud account, click here.  

Step 3:
Once you have verified that the router has the latest firmware, click the Administration tab.

NOTE:  If you have upgraded the firmware of the router, access the router’s web-based setup page again then click on the Administration tab.
Step 4:
Make sure that the Remote Management option under the Remote Management Access section is set to Disabled.

Step 5:
Click the Security tab.

Step 6:
Make sure that the Filter Anonymous Internet Requests option under Internet Filter is checked.

Step 7:
Click Save Settings.
Step 8:
Powercycle the router by unplugging it from the power source then plugging it back in.  This should clear the cache and remove the malware if your router has been infected.


Was this support article useful?

Additional Support Questions?
Search Again