The hackers are using VPNFilter malware to target small office and home office routers, the FBI said. "VPNFilter is able to render small office and home office routers inoperable," the FBI warns. "The malware can potentially also collect information passing through the router. Detection and analysis of the malware's network activity is complicated by its use of encryption."

The feds recommend "any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices." They also advise owners to consider disabling remote management settings on devices, use encryption, upgrade firmware and choose new and different passwords, which is pretty much best practice anyway.

The IC3, formerly known as the Internet Fraud Complaint Center, was renamed in October 2003 to include this kind of attack. Its stated mission "is to provide the public with a reliable and convenient reporting mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners."

Last week, the FBI sent out a warning: Reboot your router because a dangerous piece of malware, VPNFilter, has compromised hundreds of thousands of them.

If you did that, good. If not, do it now. But if you really want to be rid of the cyberscourge, you'll have to go a little further and reset your device to its factory settings.

VPNFilter is a nasty little bugger that could spy on your internet traffic or even brick your router. But before it can do any of that, it has to load itself up.

The malware comes in three stages. Stage one infects the router and lays the foundation for the funny business. Once established, stage one finds and downloads stage two, which is the real meat of the problem. Stage two is the software engine that can start messing around with and slurping up your data, including browser history, usernames, and passwords. Stage three is the icing on the cake. It comes in various forms that modify the capabilities of the main hacking engine, stage two.

In an announcement on Friday, the FBI recommended rebooting your router. That's smart, but it removes only stages two and three, leaving stage one to call out to its masters and redownload its business end. This isn't an oversight on the FBI's part. As the bureau's statement notes (emphasis ours):

"The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices."

By rebooting our routers en masse, we are not only forcing the infected ones to identify themselves by calling to their masters for a re-download of stages one and two, but also lighting up the distribution network, which will have to work in overdrive to deliver all these packages at once. It's a smart strategy, especially if the FBI can solve the root problem. But in the meantime your router might remain infected, and there is, as of this writing, no good way to check.

Factory Settings

To disinfect your router completely, do a full factory reset. Important: Before you begin, search for and save any instructions you may need to get the router connected again so you have them on hand.

The reset process varies from router to router, but generally involves a button on the back labeled "Reset" or "Factory Reset" that needs to be held down with a paperclip for about ten seconds.

Once your router is fresh and clean, you'll want to change its password and upgrade its firmware if there's an update available. Again, this varies from router to router so look up your specific model, but the general instructions are to:

  1. Connect your computer to your router (with an Ethernet cable if possible)
  2. Point your web browser to your router's control panel page (usually by putting the address 192.168.1.1 in the address bar)
  3. Log in to the router's control panel using the default username/password (usually some combination of the words 'admin' and 'password')

From there, poke around or refer to your router manufacturer's official instructions.


©  2024 Zbynet, Inc