The hackers are using VPNFilter malware to target
small office and home office routers, the FBI said. "VPNFilter is able
to render small office and home office routers inoperable," the FBI
warns. "The malware can potentially also collect information passing
through the router. Detection and analysis of the malware's network
activity is complicated by its use of encryption."
feds recommends "any owner of small office and home office routers
reboot the devices to temporarily disrupt the malware and aid the
potential identification of infected devices." They also advise to
consider disabling remote management settings on devices, use
encryption, upgrade firmware and choose new and different passwords,
which is pretty much best practice anyway.
IC3, formerly known as the Internet Fraud Complaint Center was renamed
in October 2003 to include this kind of attack. Their stated mission "is
to provide the public with a reliable and convenient reporting
mechanism to submit information to the Federal Bureau of Investigation
concerning suspected Internet-facilitated criminal activity and to
develop effective alliances with law enforcement and industry partners."
, the FBI sent out a warning: Reboot your router because a dangerous piece of malware, VPNFilter, has compromised hundreds of thousands of them.
you did that, good. If not, do it now. But if you really want to be rid
of the cyberscourge, you'll have to go a little further and reset your
device to its factory settings.
is a nasty little bugger that could spy on your internet traffic or even
brick your router. But before it can do any of that, it has to load
The malware comes in three stages.
Stage one infects the router and lays the foundation for the funny
business. Once established, stage one finds and downloads stage two,
which is the real meat of the problem. Stage two is the software engine
that can start messing around with and slurping up your data, including
browser history, usernames, and passwords. Stage three is the icing on
the cake. It comes in various forms that modify the capabilities of the
main hacking engine, stage two.
announcement on Friday, the FBI recommended rebooting your router.
That's smart, but it removes only stages two and three, leaving stage
one to call out to its masters and redownload its business end. This
isn't oversight on the FBI's part. As the bureau's statement notes
The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices.
rebooting our routers in mass, we are not only forcing the infected
ones to identify themselves by calling to their masters for a
re-download of stages one and two, but also lighting up the distribution
network, which will have to work overdrive to deliver all these
packages at once. It's a smart strategy, especially if the FBI can solve
the root problem. But in the meantime your router might remain infected, and there is, as of this writing, no good way to check.
To disinfect your router completely, do a full factory reset. Important:
Before you begin, search for and save any instructions you may need to
get the router connected again so you have them on hand.
reset process varies from router to router, but generally involves a
button on the back labeled "Reset" or "Factory Reset" that needs to be
held down with a paperclip for about ten seconds.
your router is fresh and clean, you'll want to change its password and
upgrade its firmware if there's an update available. Again, this varies
from router to router so look up your specific model, but the general
instructions are to:
- Connect your computer to your router (with and ethernet cable if possible)
- Point your web browser to your router's control panel page (usually by putting the address 192.681.1.1 in the address bar)
to the router's control panel using the default username/password
(usually some combination of the words 'admin' and 'password')
From there, poke around or refer to your router manufacturer's official instructions.