FBI is asking everyone to reboot their routers

There is a worldwide infection of various routers, the figures so far point to about 500,000 but no one is really sure. So the FBI released a Public Service Announcement (https://www.ic3.gov/media/2018/180525.aspx) asking everyone to reboot their router/modems. Currently known affected types are from Linksys, MikroTik, Netgear and TP-Link.

There are some further recommendations about what should be done, including changing the default router password used to access its administration to something more secure, updating to the latest firmware and also resetting your modem/router.

Many people will not be affected and their routers will be safe, but the FBI asks currently for a reboot so they can trace the infection path and sources.

For more on this situation I have included some other links to read:

5 Likes

The list of devices affected has grown and there is no end in sight yet. For a more current list:

"Courtesy of Cisco Talos, here’s a current list of the models that can be affected by VPNFilter. Those identified as new weren’t included in the original report.

Asus

RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)

D-Link

DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)

Huawei

HG8245 (new)

Linksys

E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N

Mikrotik

CCR1009 (new)
CCR1016
CCR1036
CCR1072
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)

Netgear

DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)

Qnap

TS251
TS439 Pro
Other QNAP NAS devices running QTS software

TP-Link

R600VPN
TL-WR741ND (new)
TL-WR841N (new)

Ubiquiti

NSM2 (new)
PBE M5 (new)

Upvel

Unknown models (new)

ZTE

ZXHN H108N (new)"

A Factory Reset is now the recommended fix. Before doing that, be sure to write down the settings you will need to re-input after the reset. These include Wireless Network names (SSIDs) and passwords; make sure they are correctly copied, as even a mis-inserted space can mean a lot of extra work in re-setting up wireless devices. As the list is not yet final, if you are at all concerned about the security of your device, even if it is not on the current list, you are welcome to carry out a Factory Reset as a precaution. No Cisco devices have yet been identified as being affected.

After the Factory Reset, ensure you at least change the password to access the device from the default one to something secure, and it is better to also change the user name to access the device from the default, which is likely to be something like admin, Admin, Administrator or similar.

The malware has now been ascertained to be able to stage man-in-the-middle insertion of malicious code into web pages as they pass through the router/modem or network-connected device.

For a more thorough read of the detail:

1 Like