Ars Technica is running a story on how the Sartori botnet has been actively targeting widely used D-Link DSL Internet modems in a effort to expand its infected base and likely launch new, and more sophisticated attacks against networks and devices. What makes the focus on D-Link notable is its position as one of the most widely used by U.S. telecommunication providers (Verizon, being a notable example) for home and small business customers.

Ars describes the attack:

Attack code exploiting the two-year-old remote code-execution vulnerability was published last month, although Satori’s customized payload delivers a worm. That means infections can spread from device to device with no end-user interaction required.

Equally troubling is the silence from D-Link, which has yet to offer any guidelines to end-users on how to mitigate the attacks:

D-Link’s website doesn’t show a patch being available for the un-indexed vulnerability, and D-Link representatives didn’t respond to an email seeking comment for this post.

The full article is below, along with advisory that people currently using these devices strongly consider an immediate replacement:

https://arstechnica.com/information-technology/2018/06/widely-used-d-link-modemrouter-under-mass-attack-by-potent-iot-botnet/