The feds want you to reboot router Now! [VPNfilter]

Discussion in 'Industry News' started by Matt777, May 26, 2018.

  Matt777

    Oct 17, 2015
    Cisco's Talos Intelligence:
    VPNFilter malware targets at least 500K networking devices worldwide (the blog):

    The FBI is asking everyone to reboot their routers immediately. They explain that they're hoping that your actions will help the government destroy a botnet.

    "How would pressing a button on your router help, though? According to the FBI, rebooting your router will destroy the part of the malware that can do nasty things like spy on your activities, while leaving the install package intact. And when that install package phones home to download the nasty part, the FBI will be able to trace that.." -cNet

    So (with my very limited understanding), this kind of bot(net) attack is set up in a way that the "router bot" calls home to some server or something and downloads instructions (instead of hackers connecting to it and hitting a FW or similar). So is it safe to assume that the FBI wants the infected routers to "call home" when "reset"? (AFAIK, they have seized the domain used)

    Can somebody smart shed some light on this one, please. :dunno:
  synths4grins

    Aug 24, 2017
    Ars Technica (as usual) has a pretty good write-up on the situation. 14 models known to be affected by VPNFilter are:
    • Linksys E1200
    • Linksys E2500
    • Linksys WRVS4400N
    • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
    • Netgear DGN2200
    • Netgear R6400
    • Netgear R7000
    • Netgear R8000
    • Netgear WNR1000
    • Netgear WNR2000
    • QNAP TS251
    • QNAP TS439 Pro
    • Other QNAP NAS devices running QTS software
    • TP-Link R600VPN
    Others could be too, so the FBI issued the blanket warning to everyone, and asked people to get updates from their manufacturers. I also read elsewhere that many of the affected routers were in the Ukraine. My routers stopped getting updates long ago, but they are locked down really well and use 3rd party firmware. Check out:
  foster911

    My modem restarts 10 times a day. I don't know if it's got infected or is out of order. I wish "infected". :bleh: