Early this year, Terry Baume encountered something highly unusual -- a Netcomm NB5 DSL modem router infected by a botnet. The embedded device, powered by a MIPS processor running in little-endian mode (mipsel), was running a bit of malicious code known as PSYB0T 2.5L.

The botnet was originally thought to be a test, an experiment to see how this technology worked. It was shut down quickly by the botnet operator once its existence became public knowledge.

It now appears to have returned, and evolved into a new beast, PSYB0T 2.9L, and it affects more than Netcomm NB5 devices. Approximately 30 Linksys devices, 10 Netgear models, and 15 other models and brands of DSL modems and routers are at risk, including those running custom firmware, such as OpenWRT and DD-WRT.

That's the bad news. The good news is removing it, and ensuring it doesn't return, is fairly simple. In fact, DroneBL, the organization that scans for botnets and vulnerable machines, says that 90% of the routers involved are afflicted only because of user error.