The ISC shares update on Linksys Moon worm

QUOTE: It has been over a month since we saw the “Moon” worm first exploiting various Linksys routers. I think it is time for a quick update to summarize some of the things we learned since then. Infected systems will run an additional https server on a random port. The communication we observed in earlier posts is just https, using a self signed certificate. The server also provides statistics pages with summaries listing infected systems