AudioCircle

Topic started by: WGH on 28 May 2018, 06:25 pm

Title: Reboot Your Router to Stop Russia-Linked Malware
Post by: WGH on 28 May 2018, 06:25 pm
Unlike the earlier post "Not far from a world computer crisis... Thanks Intel", this is actually something everyone can do to save the world as we know it.

May 27, 2018

F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware
https://www.nytimes.com/2018/05/27/technology/router-fbi-reboot-malware.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news

"Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on.

The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday."

“The malware has a destructive capability that can render an infected device unusable,” it said, “which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.”
Title: Re: Reboot Your Router to Stop Russia-Linked Malware
Post by: WGH on 28 May 2018, 06:32 pm
Routers affected by the VPNFilter (so far)
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware

    Linksys E1200
    Linksys E2500
    Linksys WRVS4400N
    Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
    Netgear DGN2200
    Netgear R6400
    Netgear R7000
    Netgear R8000
    Netgear WNR1000
    Netgear WNR2000
    QNAP TS251
    QNAP TS439 Pro
    Other QNAP NAS devices running QTS software
    TP-Link R600VPN
Title: Re: Reboot Your Router to Stop Russia-Linked Malware
Post by: nature boy on 28 May 2018, 06:39 pm
Thanks, done.

NB
Title: Re: Reboot Your Router to Stop Russia-Linked Malware
Post by: FullRangeMan on 28 May 2018, 06:40 pm
In the 1980s, when computers had only DOS (no Windows yet), my boss went to a computer fair abroad where he got a diskette from the Norton Company with a small antivirus program. The following month, there was a small note in the Computerworld journal informing that the diskette actually contained a virus program to contaminate computers.
Title: Re: Reboot Your Router to Stop Russia-Linked Malware
Post by: Wind Chaser on 28 May 2018, 07:32 pm
My router (Netgear Nighthawk AC1900) isn't on the list but it's still a good idea to take precaution. Thank you for bringing this to our attention. Damn those Russians and God bless the FBI!
Title: Re: Reboot Your Router to Stop Russia-Linked Malware
Post by: Bob_Brines on 28 May 2018, 07:41 pm
My router (Netgear Nighthawk AC1900) isn't on the list....



Oh yes it is!
Nighthawk AC1900 = R7000. I have one too. Downloaded new firmware and rebooted.
Bob
Title: Re: Reboot Your Router to Stop Russia-Linked Malware
Post by: Wind Chaser on 28 May 2018, 07:45 pm
Oh yes it is! Nighthawk AC1900 = R7000. I have one too. Downloaded new firmware and rebooted.

New FW? Thanks for pointing that out!  :thumb:
Title: Re: Reboot Your Router to Stop Russia-Linked Malware
Post by: WGH on 28 May 2018, 09:51 pm
Found this memo from the Internet of Things Department:

As long as you are updating your routers...

KRACK Fixes - the key reinstallation attack is a devastating flaw in Wi-Fi’s WPA security protocol that makes it possible for attackers to eavesdrop on your data when you connect to Wi-Fi. Dubbed KRACK, the issue affects the Wi-Fi protocol itself—not specific products or implementations—and “works against all modern protected Wi-Fi networks,” according to Mathy Vanhoef, the researcher who discovered it. That means that if your device uses Wi-Fi, KRACK likely impacts it. Fortunately, major tech companies are moving quickly to patch the issue.

The attacker can eavesdrop on all traffic you send over the network. “This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.”

Newer phones running Android 6.0 or later are actually more at risk since there is an existing vulnerability in the code that compounds the issue and makes it easier to “intercept and manipulate traffic.” Patches started rolling out on Nov. 6th for Pixel and Nexus devices but it could take weeks or even months for Android hardware makers and cellular providers to validate and deploy the patch to other phones and tablets. Many devices, especially older ones, may never receive the update.

Other devices that can leave your network wide open if not patched include:
Wemo Switch
Wemo Motion Sensor
Wemo Light Switch
Wemo Link
Wemo Insight
Wemo Dimmer (released 2/6/18: firmware 2.00.11036)
Wemo Mini
Wemo Slow Cooker   
Wemo Humidifier
Wemo Coffee Maker
Wemo Heater
Wemo Netcam HD+
Wemo Netcam Night Vision