val2525
Chaos Manager
Posts: 30,778
|
Post by val2525 on May 28, 2018 20:50:16 GMT
Per the FBI. Yes, this is true. It is not fake news. The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands devices.
Researchers from Cisco’s Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot.
Later in the day, The Daily Beast reported that VPNFilter was indeed developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm.appleinsider.com/articles/18/05/28/fbi-warns-public-to-reboot-wi-fi-routers-to-counter-vpnfilter-malwarearstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/www.digitaltrends.com/computing/vpnfilter-malware-router-reboot/fortune.com/2018/05/26/fbi-warning-russian-malware-routers/slate.com/news-and-politics/2018/05/fbi-is-asking-everyone-to-reboot-their-routers-to-stop-russian-malware-infection.html
|
|
|
Post by Desire on May 28, 2018 22:06:09 GMT
Our internet provider shut everyone down and sent re-boots to everyone. They have some notice about it somewhere that DS read about.
|
|
|
Post by sunsetpainter on May 28, 2018 22:24:38 GMT
Does this just mean to shut it off and turn it back on again?
|
|
|
Post by chapeaunoir on May 28, 2018 22:30:37 GMT
You want to be careful to reboot and not reset.
I would unplug it rather than just use the power button. Also unplug your modem unless it's all in one. Wait at least 10 seconds, 30-40 seconds is best.
The plug your modem back in. Wait a minute (for re-authentication). Then plug in your router. Again wait a few minutes. You should be ready to go.
All of this waiting between steps is just so that authentication, etc. of IP addresses can be established.
If your router and modem are in the same device it's easier, just unplug, wait a while, then plug back in.
|
|
val2525
Chaos Manager
Posts: 30,778
|
Post by val2525 on May 28, 2018 22:41:50 GMT
Does this just mean to shut it off and turn it back on again?
I just unplugged mine, for the reasons Chap stated. Unplug/plug is like a power failure, so it doesn't mess up the settings. Or that's been my experience anyway.
|
|
|
Post by chapeaunoir on May 28, 2018 22:51:27 GMT
Yes, exactly- it reboots retaining all of your settings, rather than actually resetting, and that's what you want. If you reset, it goes back to factory settings.
|
|
|
Post by chapeaunoir on May 28, 2018 22:51:52 GMT
You can power it down and up again, but actually unplugging it is the surer bet.
|
|
|
Post by denise15601 on May 28, 2018 23:19:16 GMT
Thanks for the info. I called Comcast internet and the rep said that she doesn't see any warnings. Okay. Whatever. Hopefully I am protected.
|
|
val2525
Chaos Manager
Posts: 30,778
|
Post by val2525 on May 28, 2018 23:33:32 GMT
I'd still unplug the router, Denise, and plug it back in. Easy peasy and you'd know you're in the clear. CSRs don't know everything - eBay is a perfect example. (So is Cox, Century Link, Comcast, etc LOL)
|
|
Shirley U Geste
Chaos Manager
Cats, cats, cats and more cats!!
Posts: 10,382
|
Post by Shirley U Geste on May 28, 2018 23:52:27 GMT
It was on NBC, CBS & ABC news tonight.
Comcast never knows what they are doing, taking advice from them never turns out well.
|
|
val2525
Chaos Manager
Posts: 30,778
|
Post by val2525 on May 29, 2018 0:13:14 GMT
I was at Cox website earlier, not a peep from them. No email either.
|
|
Shirley U Geste
Chaos Manager
Cats, cats, cats and more cats!!
Posts: 10,382
|
Post by Shirley U Geste on May 29, 2018 0:37:37 GMT
They are probably afraid the customers will think it's the companies fault & change their service.
Rebooting is no big deal, I do it every other Saturday anyway on the advice of some IT people.
|
|
kritter
Mod Squad
When we lose sight of how we treat animals, we tend to lose sight of our humanity
Posts: 19,901
|
Post by kritter on May 29, 2018 0:47:54 GMT
No email from At&T but I didn't check their website.
|
|
|
Post by denise15601 on May 29, 2018 2:09:12 GMT
Thanks, I did reset it. Had to practically stand on my head to find which cord was the power one, since the cords are short. Then pulled the plug from my power strip.
Note to self: Vacuum around the power strip and wires under my desk. ugh.
|
|
|
Post by titus730 on May 29, 2018 16:21:50 GMT
Denise, I went to Xfinity, Comcast's website, and checked my messages. Nothing from Comcast. But I then went into the forums and people there are asking about it.
|
|
|
Post by denise15601 on May 29, 2018 16:31:18 GMT
Thanks Titus. Wonder if it is regional? I didn't hear anything on my news stations.
|
|
val2525
Chaos Manager
Posts: 30,778
|
Post by val2525 on May 29, 2018 18:28:54 GMT
It's national news. It's also coming from the FBI, so it's legit. The links I posted in my OP are reputable technical websites. They don't post fake.
Which is why I'm surprised the internet providers aren't being proactive about it. Eventually the press will pick up on that and ask why.
|
|
|
Post by chapeaunoir on May 29, 2018 18:33:17 GMT
It was in the print press here, but I'm surprised that it's not more reported, too. There's a lot of potential for harm here, and the fix is so easy.
Ars Technica is the site that a lot of higher level IT people use - the DH has followed it for years.
|
|
|
Post by denise15601 on May 29, 2018 19:16:07 GMT
Our Channel 4 news just announced it about an hour ago. It is amazing that I read about it here a day ago.
Kudos to you Val!!!!
|
|
val2525
Chaos Manager
Posts: 30,778
|
Post by val2525 on May 29, 2018 19:25:48 GMT
LOL! It was already 4 days old when I caught wind of it, from a FB post by a friend of mine.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on May 31, 2018 11:06:30 GMT
Maybe this is why Centurylink makes me reboot 20 times a day to get the internet to work. All this time I thought I had crappy internet service but it was really to throw off the Russians. Brilliant, we are probably the most protected town around.
|
|
val2525
Chaos Manager
Posts: 30,778
|
Post by val2525 on May 31, 2018 18:53:40 GMT
Out of curiosity, peek, how old is the modem you're using? If it's more than a year or two, that could be part of the problem. I was using an old CenturyLink modem in ABQ and started having to do that. I'd had it for 7 or so years and it was old when I got it. I upgraded to a newer modem they had and it made a huge difference in my internet service and speed.
|
|