What's new

FBI to America: Reboot Your Routers, Right Now

gsilbers

Part of Pulsesetter-Sounds.com
https://www.popularmechanics.com/technology/security/a20918611/vpnfilter-malware-reboot-router/?src=socialflowFBPOP


The FBI has issued a dire warning to everyone who has a router in their home. The Internet Crime Complaint Center sent a rare Public Service Announcement declaring: "Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide."

The hackers are using VPNFilter malware to target small office and home office routers, the FBI said. "VPNFilter is able to render small office and home office routers inoperable," the FBI warns. "The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption."

The feds recommends "any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices." They also advise to consider disabling remote management settings on devices, use encryption, upgrade firmer and choose new and different passwords, which is pretty much best practice anyway.

The IC3, formerly known as the Internet Fraud Complaint Center was renamed in October 2003 to include this kind of attack. Their stated mission "is to provide the public with a reliable and convenient reporting mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners."

Today, that means telling you to reboot your router, so hop to it.
 

Thorsten Meyer

Senior Member
https://www.us-cert.gov/ncas/alerts/TA18-145A

The identified devices affected by VPNFilter: Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well at QNAP network-attached storage (NAS) devices.


If you run any of the affected devices also NAS devices you need to check the vendor for updates and possible malware removal software
 

Thorsten Meyer

Senior Member
Impacted Devices list (not final)
  • Asus:
    RT-AC66U (new)
    RT-N10 (new)
    RT-N10E (new)
    RT-N10U (new)
    RT-N56U (new)
    RT-N66U (new)
    D-Link:
    DES-1210-08P (new)
    DIR-300 (new)
    DIR-300A (new)
    DSR-250N (new)
    DSR-500N (new)
    DSR-1000 (new)
    DSR-1000N (new)
    Huawei:
    HG8245 (new)
    Linksys:
    E1200
    E2500
    E3000 (new)
    E3200 (new)
    E4200 (new)
    RV082 (new)
    WRVS4400N
    Mikrotik:
    CCR1009 (new)
    CCR1016
    CCR1036
    CCR1072
    CRS109 (new)
    CRS112 (new)
    CRS125 (new)
    RB411 (new)
    RB450 (new)
    RB750 (new)
    RB911 (new)
    RB921 (new)
    RB941 (new)
    RB951 (new)
    RB952 (new)
    RB960 (new)
    RB962 (new)
    RB1100 (new)
    RB1200 (new)
    RB2011 (new)
    RB3011 (new)
    RB Groove (new)
    RB Omnitik (new)
    STX5 (new)
    Netgear:
    DG834 (new)
    DGN1000 (new)
    DGN2200
    DGN3500 (new)
    FVS318N new(new)
    MBRN3000 (new)
    R6400
    R7000
    R8000
    WNR1000
    WNR2000
    WNR2200 (new)
    WNR4000 (new)
    WNDR3700 (new)
    WNDR4000 (new)
    WNDR4300 (new)
    WNDR4300-TN (new)
    UTM50 (new)
    QNAP:
    All NAS
    TP-Link:
    R600VPN
    TL-WR741ND (new)
    TL-WR841N (new)
    Ubiquiti:
    NSM2 (new)
    PBE M5 (new)
    Upvel:
    Not known yet(new)
    ZTE:
    ZXHN H108N (new)
 
Last edited:

Shad0wLandsUK

Senior Member
HAHAHA!

'Insert NSA here' literally straight from the book of 'we need you to reboot your router because WE want to monitor your systems more and want to push a packet to you'


Making up fake hacks, to justify more control of personal networks :rolleyes:

This is of course pure speculation and conjecture, but I have my suspicions
 
Top Bottom