Router Malware Infection – VPNFilter

The FBI wants you to reboot your router NOW to help destroy a botnet
https://www.cnet.com/news/the-fbi-wants-you-to-reboot-your-router-now-to-help-destroy-a-botnet/    

Remember when the world discovered that over half a million routers have been infected with sophisticated “VPNFilter” malware that could, among other things, cut off access to the internet or be used for Russian spying?

Today, the FBI is asking everyone — yes, everyone — to reboot their routers immediately. Right now, even. Or maybe after you finish reading this story.

In a public service announcement published Friday and noted by Ars Technica, and a new addition to a US Department of Justice press release, the FBI explains that it’s hoping that your actions will help the US government destroy a botnet before a Russian hacking group, Sofacy, can harden the malware’s defenses.

How would pressing a button on your router help, though? According to the FBI, rebooting your router will destroy the part of the malware that can do nasty things like spy on your activities, while leaving the install package intact. And when that install package phones home to download the nasty part, the FBI will be able to trace that — because the US government says it’s seized a critical domain that the Russian hackers were allegedly using.

The FBI confirmed to CNET that yes, it’s asking every owner of a consumer or small business router to do this. Why not just the infected ones? Because it’s not yet clear how far the infection has spread.

Note that it sounds like you might be taking a bit of a risk by simply rebooting your router, instead of a factory reset that could destroy the malware for good:

“Although devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure,” the FBI writes.

Either way, you might want to consider updating your router’s firmware.

Current but incomplete list:

LINKSYS DEVICES:

E1200
E2500
WRVS4400N

MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS:

1016
1036
1072

NETGEAR DEVICES:

DGN2200
R6400
R7000
R8000
WNR1000
WNR2000

QNAP DEVICES:

TS251
TS439 Pro

Other QNAP NAS devices running QTS software

TP-LINK DEVICES:

R600VPN