FBI warns public to reboot Wi-Fi routers to counter 'VPNFilter' malware

Posted:
in General Discussion
The FBI is recommending power cycling Wi-Fi routers as a step to counter "foreign cyber actors" seeding malware known as "VPNFilter."

Linksys WRVS4400N


The malicious code can "perform multiple functions, including possible information collection, device exploitation, and blocking network traffic," according to the FBI's Internet Crime Complaint Center. It can potentially render routers inoperable, and is hard to detect due to use of encryption and "misattributable networks."

Rebooting a router won't kill the malware, but will temporarily disrupt it and may help identify affected hardware, the IC3 said. As a further precaution people may want to disable remote management, use original secure passwords, and make sure they've updated to the latest firmware.

Security firm Symantec indicates that activity suggests the target was originally Ukraine, and specifically industrial control systems. The malware "does not appear to be scanning and indiscriminately attempting to infect every vulnerable device globally," Symantec said.

Affected routers and NAS (network-attached storage) devices are known to include:
  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN
The Justice Department has identified the perpetrators as the "Sofacy Group," which goes by several other names and allegedly targets "government, military, security organizations, and other targets of perceived intelligence value." In trying to defeat VPNFilter, the U.S. has seized a domain associated with a Sofacy botnet.

At present, it does not appear that the AirPort family is affected.

Apple only recently got out of the router market, having let its AirPort line grow stagnant for several years. The company is instead promoting third-party products, particularly the Linksys Velop mesh system.
«1

Comments

  • Reply 1 of 34
    Plot twist - the FBI has just INSTALLED it's own spyware and it needs a reboot to finalise installation. :wink: :lol: 

  • Reply 2 of 34
    SpamSandwichSpamSandwich Posts: 31,410member
    adm1 said:
    Plot twist - the FBI has just INSTALLED it's own spyware and it needs a reboot to finalise installation. :wink: :lol: 

    Regrettably, that’s just as likely.
    anton zuykovolscornchiplolliver
  • Reply 3 of 34
    leavingthebiggleavingthebigg Posts: 1,158member
    adm1 said:
    Plot twist - the FBI has just INSTALLED it's own spyware and it needs a reboot to finalise installation. :wink: :lol: 

    I had a similar thought a few days ago when reading about this reboot request on another site. 
  • Reply 4 of 34
    seanismorrisseanismorris Posts: 1,085member
    “Rebooting the router” isn’t a solution.  That’s the best they could come up with?
    bshankrazorpitlolliver
  • Reply 5 of 34
    techprtechpr Posts: 15member
    At present, it does not appear that the AirPort family is affected.
    Come on Apple. Save US from disaster!!! I will still use my 2 Airports until they die.
    kuduolsjony0crabbyaegeancornchipjdgazrazorpitlolliverwatto_cobra
  • Reply 6 of 34
    zorinlynxzorinlynx Posts: 170member
    This makes me all the more happy that I run my own Linux server as a router as I've been doing since the late 90s.

    It's really hard for me to trust all this router hardware that comes out of China; who knows what kind of backdoors might be installed.
    cornchip
  • Reply 7 of 34
    tallest skiltallest skil Posts: 43,399member
    “Rebooting the router” isn’t a solution.  That’s the best they could come up with?
    With the prevalence of “did you try turning it off and turning it back on” used as a solution to problems, it’s not surprising that they’d put out zero effort crap like this. They’re trying (in vain) to save face from what’s coming for them all.
    lolliver
  • Reply 8 of 34
    command_fcommand_f Posts: 299member
    I thought it was us Brits who were supposed to see the black cloud around every silver lining!

    There is a world-wide malware threat to WiFi routers so the FBI puts out a warning and some easily understood, easily actioned advice to US citizens. Isn't that their job? Isn't that a good thing?

    If you follow the Symantec link in the article, you'll find that the FBI's advice is effective; not 100% effective but nonetheless helpful. Part of the issue here is that people never changed their routers' passwords, with that audience the FBI needed to keep it simple. The bigger fix involves firmware updates and basic security hygiene and the FBI notice goes on to describe this; it may be simple to the audience here but not so much to the world at large.
    gatorguygatorguybonobobavon b7jony0mknelsonbshanklarryacornchipGeorgeBMac
  • Reply 9 of 34
    SoliSoli Posts: 9,272member
    command_f said:
    I thought it was us Brits who were supposed to see the black cloud around every silver lining!

    There is a world-wide malware threat to WiFi routers so the FBI puts out a warning and some easily understood, easily actioned advice to US citizens. Isn't that their job? Isn't that a good thing?

    If you follow the Symantec link in the article, you'll find that the FBI's advice is effective; not 100% effective but nonetheless helpful. Part of the issue here is that people never changed their routers' passwords, with that audience the FBI needed to keep it simple. The bigger fix involves firmware updates and basic security hygiene and the FBI notice goes on to describe this; it may be simple to the audience here but not so much to the world at large.
    I recently set up a Netgeat router for someone. The router SW required me to setup a system password with recovery questions/answers before you could use it as a router. I was pleasantly surprised since my last experience with a Neatgear router a long time ago wasn't as pleasant.
    lolliver
  • Reply 10 of 34
    zorinlynx said:
    This makes me all the more happy that I run my own Linux server as a router as I've been doing since the late 90s.

    It's really hard for me to trust all this router hardware that comes out of China; who knows what kind of backdoors might be installed.
    And yet that Linux machine is most likely running on hardware that was made in China, who knows what backdoors they put into those?

    You can be as paranoid as you want but truth be told you’re one person in 3 billion on this planet and say one person in 1.5 billion on the internet. The probability of you being the target of someone like this is pretty remote unless of course you’ve done something to annoy these people...
    hammeroftruth
  • Reply 11 of 34
    “Rebooting the router” isn’t a solution.  That’s the best they could come up with?
    With the prevalence of “did you try turning it off and turning it back on” used as a solution to problems, it’s not surprising that they’d put out zero effort crap like this. They’re trying (in vain) to save face from what’s coming for them all.
    In terms of Windows a turning it off and turning it on practice does actually fix most problems. Despite the advancements M$ has made with Windows it’s still prone to memory leaks and the way people use their computers this issue becomes more and more likely.
    tallest skillolliver
  • Reply 12 of 34
    tallest skiltallest skil Posts: 43,399member
    lowededwookie said:
    Despite the advancements M$ has made with Windows
    They’ve made advancements? Not to the back-end!
    lolliver
  • Reply 13 of 34
    So they sky is or is not falling?
  • Reply 14 of 34
    rob53rob53 Posts: 2,086member
    zorinlynx said:
    This makes me all the more happy that I run my own Linux server as a router as I've been doing since the late 90s.

    It's really hard for me to trust all this router hardware that comes out of China; who knows what kind of backdoors might be installed.
    I wouldn't blame everything on China, I'm sure all firmware loading is managed by the selling company, along with assistance from the multitude of US 3-letter government associations (as mentioned previously). As for trusting linux with your life, linux is open-source and I'm sure there's a large group of linux programmers based in China as well as in other countries who you wouldn't trust as well. 
    cornchip
  • Reply 15 of 34
    MacMDMacMD Posts: 8member
    Aren’t there like 7.5 billion people on the planet?
    kingofsomewherehotsandor
  • Reply 16 of 34
    MacMD said:
    Aren’t there like 7.5 billion people on the planet?
    Not in the 90s when he started using Linux as a router :wink: 
    randominternetpersonrazorpit
  • Reply 17 of 34
    mattinozmattinoz Posts: 1,141member
    “Rebooting the router” isn’t a solution.  That’s the best they could come up with?
    With the prevalence of “did you try turning it off and turning it back on” used as a solution to problems, it’s not surprising that they’d put out zero effort crap like this. They’re trying (in vain) to save face from what’s coming for them all.
    All IT problem solving basically boils down to more aggressive rebooting.
    Throwing it out the window and buying a new one being the fall option.
  • Reply 18 of 34
    lowededwookie said:
    Despite the advancements M$ has made with Windows
    They’ve made advancements? Not to the back-end!
    Actually Windows 10 is a ground up rewrite unfortunately they decided to keep Win32 apps around which causes many of the issues you’d see. If they did what Apple did and completely ditched backwards compatibility and forced Metro Windows would be so much better.

    You can thank those tosser corporations with in-house crap apps for that stupid decision.
  • Reply 19 of 34
    I believe that the reason they're asking for reboots is so that the can monitor the first stage (persistent through reboots) attempting to download further stages, in order to better understand the infrastructure used by the malware. 
    gatorguy
  • Reply 20 of 34
    GeorgeBMacGeorgeBMac Posts: 5,145member
    Routers:  The new Achilles heel of security systems...

    Is this why Apple got out of the router business --- despite the fact that, for the common user, home networking continues to be a confusing mess that works poorly?

    Apple continues to focus on the home and office environments with MacMini, MacPro, HomePod, AppleTV, etc...  Yet, despite their obvious preference to control all aspects of their products -- integrating hardware, software and cloud -- they abandon the critical networking function, the foundation, that enables them to function.

    Apple ain't dumb.  They don't make many stupid decisions.   So, I suspect that there is a piece to this that we're all missing...
    jdgazpatchythepiraterazorpit
Sign In or Register to comment.