FBI tells router users to reboot now to kill malware infecting 500k devices
Posted on 5/25/18 at 6:10 pm
The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands of devices.
LINK
Got damn Russky's at it again?
LINK
quote:
the 14 models known to be affected by VPNFilter, which are:
Linksys E1200
Linksys E2500
Linksys WRVS4400N
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN
Posted on 5/25/18 at 8:42 pm to WONTONGO
Thanks for the heads up. I have an R8000 and this was news to me.
Posted on 5/25/18 at 8:48 pm to WONTONGO
So my Asus nighthawk is fine?
Posted on 5/25/18 at 9:14 pm to VoxDawg
Really enjoying my Ubiquiti Mesh system that I have. Works flawlessly and updates are seamless.
Posted on 5/25/18 at 11:11 pm to Breesus
quote:
Asus nighthawk
I'm pretty sure Netgear makes the nighthawk.
Posted on 5/26/18 at 12:05 am to Breesus
quote:
my Asus nighthawk is fine?
Read the link. The list is of routers they have confirmed are vulnerable. But they say all routers may have the malware.
Posted on 5/26/18 at 12:11 am to WONTONGO
How does a reboot fix this?
Posted on 5/26/18 at 12:18 am to t00f
quote:
How does a reboot fix this?
Only interrupts it. A factory reset and a change of your router login password probably will rid it of the malware. But it may be attacked again. No definitive fix right now.
Posted on 5/26/18 at 12:22 am to Zappas Stache
Yep, and that seems a lot more accurate.
Posted on 5/26/18 at 1:04 pm to WONTONGO
Damn FBI already setting the muh Russians narrative for 2020
Posted on 5/27/18 at 3:58 pm to t00f
quote:
How does a reboot fix this?
I read an article a couple days back. I might mess this up slightly, but the gist:
When a router gets infected with phase 1 of this malware, it will reach out to a site that will then load phase 2 & 3 onto the router which allows it to do whatever the maker intended (steal data, use machine as a bot to attack others, etc.)
FBI just took control of the site that infected routers were reaching out to for phase 2 & 3... So, if you reboot, it purges phase 2 & 3, but phase 1 will still be there... For the moment, since the site phase 1 reached out to is down / under FBI control, your router isn't fully vulnerable, though it still has phase 1.
To really clean the router-- including phase 1-- you need to do a factory reset. This, of course, means you need to be ready to go back in and set up your router again, which can be a pain, and is why officials are saying to at least reboot the device which is better than nothing. (You'll just have the latent phase 1 part which makes you vulnerable if / when the malware maker figures out how to get back in to your machine and reprogram it to go to another site for phase 2 & 3.)
Posted on 5/27/18 at 8:07 pm to epbart
I also saw an article that said to update your firmware and make sure remote management was turned off. (The latter is a default setting).
There should be a sticker on the underside of the router telling you what site to visit for setup. It also has the default username and password in case you do a factory reset.
Posted on 5/27/18 at 10:10 pm to WONTONGO
This kind of sounds like a load of crap.
They don't even know how folks are getting infected? Come on.
Posted on 5/28/18 at 12:43 am to WONTONGO
Are dd-wrt routers affected I wonder? Whenever I buy a new one, being able to flash open source firmware on there is a must.
Posted on 5/28/18 at 9:15 am to HailToTheChiz
quote:
They don't even know how folks are getting infected? Come on
I kind of agree
Posted on 5/28/18 at 10:12 am to HailToTheChiz
quote:
This kind of sounds like a load of crap.
They don't even know how folks are getting infected? Come on.
That's what they said at the onset of the zombie apocalypse.

Posted on 5/28/18 at 10:22 am to ruzil

This post was edited on 5/28/18 at 10:23 am
Posted on 5/28/18 at 10:54 pm to WONTONGO
Soo is this for ATT supplied Gigapower routers?
Posted on 5/29/18 at 8:01 am to TigerTatorTots
was wondering the same thing
Posted on 5/29/18 at 8:29 am to HailToTheChiz
quote:
So, if you reboot, it purges phase 2 & 3, but phase 1 will still be there... For the moment, since the site phase 1 reached out to is down / under FBI control, your router isn't fully vulnerable, though it still has phase 1.
Now I'm not saying I trust the FBI less than Russian hackers or Chinese botnets, but I don't really trust them that much more. How do I know this isn't just a ploy for them to replace the foreign malware with good old American spyware? Isn't the head of the FBI one of the people that has been pushing the hardest for companies like Apple and Google to add backdoors to their systems?
