Hackers infect 500,000 consumer routers all over the world with malware [telecom]


Hackers infect 500,000 consumer routers all over the world with malware

VPNFilter can survive reboots and contains destructive "kill" function.

https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/

***** Moderator's Note *****

I publish security alerts like this one on occasion, depending on severity. This one is very serious.  

If you have a router that may be infected:

1. Connect to your router with an Ethernet cable, and turn off the
   WiFi. This may seem extreme, but remember that other devices in
   your neighborhood might be infected.

2. WRITE DOWN the WiFi SSID and password, the MAC addresses of any
   device for which you have reserved an IP address, the starting
   address for the DHCP assignments, and the port list for any DMZ
   devices. The IP addresses too, of course (don't ask me how I
   know). Alt-PrtScr is your friend, and "Paint" can be used to
   paste-and-print this info if you're using Windows: just remember to
   print or save every page before you do another screen capture if
   you're not able to print the info from your web browser, or if you are
   using telnet or ssh to access the router.

3. Perform a factory reset (NOT just a reboot!) The router will erase
   all settings. See number 2 first.

4. Change the default password. If you check the "Recover password"
   option, choose hard-to-guess answers to the questions. Likewise, of
   course, a hard-to-guess password.

5. Re-install the settings from step 2.  

It takes about an hour if you're taking your time, but longer if you don't follow step 2. :-(

Bill Horne
Moderator
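One way to do step 2 and step 5 without a stack of screenshots: transcribe the settings into a structured file, sanity-check them before the factory reset, and restore from the file afterwards. This is an added example for this thread, not code from the original post or from any router vendor; the SSID, addresses and MACs below are constructed, and the checks (reserved IPs inside the LAN subnet, no MAC or IP reserved twice, valid port and protocol on each forward) are the ones that catch the usual transcription slips.

```python
"""
Structured backup of the settings listed in step 2 (SSID, WiFi password,
DHCP range, reserved addresses, DMZ/port-forward list), with sanity checks
before the factory reset and a JSON document to restore from afterwards.

Added example for this thread, not code from the original post or from
any router vendor.  All settings and MAC addresses below are constructed.
"""
import ipaddress
import json
import re
from dataclasses import dataclass, field, asdict
from typing import List

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")


@dataclass
class Reservation:
    name: str
    mac: str
    ip: str


@dataclass
class PortForward:
    name: str
    proto: str      # "tcp" or "udp"
    port: int       # external port
    host: str       # LAN address that receives the traffic


@dataclass
class RouterBackup:
    ssid: str
    wifi_password: str
    lan_network: str          # e.g. "192.168.1.0/24"
    dhcp_start: str
    dhcp_end: str
    reservations: List[Reservation] = field(default_factory=list)
    port_forwards: List[PortForward] = field(default_factory=list)


def normalize_mac(mac: str) -> str:
    """Vendor UIs show MACs as 00-11-... or 00:11-...; compare them in one form."""
    return mac.lower().replace("-", ":")


def validate(b: RouterBackup) -> List[str]:
    """Return a list of problems; an empty list means the backup is consistent."""
    problems = []
    net = ipaddress.ip_network(b.lan_network, strict=False)
    start = ipaddress.ip_address(b.dhcp_start)
    end = ipaddress.ip_address(b.dhcp_end)
    if start not in net or end not in net:
        problems.append("DHCP range is outside the LAN network")
    elif start > end:
        problems.append("DHCP start is after DHCP end")
    seen_macs, seen_ips = set(), set()
    for r in b.reservations:
        if not MAC_RE.match(r.mac):
            problems.append(f"{r.name}: malformed MAC {r.mac!r}")
            continue
        mac = normalize_mac(r.mac)
        if mac in seen_macs:
            problems.append(f"{r.name}: MAC {mac} reserved twice")
        seen_macs.add(mac)
        try:
            ip = ipaddress.ip_address(r.ip)
        except ValueError:
            problems.append(f"{r.name}: malformed IP {r.ip!r}")
            continue
        if ip not in net:
            problems.append(f"{r.name}: {ip} is not in {net}")
        if ip in seen_ips:
            problems.append(f"{r.name}: {ip} reserved twice")
        seen_ips.add(ip)
    for pf in b.port_forwards:
        if pf.proto not in ("tcp", "udp"):
            problems.append(f"{pf.name}: unknown protocol {pf.proto!r}")
        if not 1 <= pf.port <= 65535:
            problems.append(f"{pf.name}: port {pf.port} out of range")
        try:
            if ipaddress.ip_address(pf.host) not in net:
                problems.append(f"{pf.name}: host {pf.host} is not in {net}")
        except ValueError:
            problems.append(f"{pf.name}: malformed host {pf.host!r}")
    return problems


def to_json(b: RouterBackup) -> str:
    """Serialise the backup; this is the text you save before the reset."""
    return json.dumps(asdict(b), indent=2)


def from_json(text: str) -> RouterBackup:
    """Rebuild the dataclasses from the saved text for step 5."""
    d = json.loads(text)
    d["reservations"] = [Reservation(**r) for r in d["reservations"]]
    d["port_forwards"] = [PortForward(**p) for p in d["port_forwards"]]
    return RouterBackup(**d)


# Constructed sample: what you would transcribe from the router's admin pages.
GOOD = RouterBackup(
    ssid="example-home", wifi_password="correct horse battery staple",
    lan_network="192.168.1.0/24",
    dhcp_start="192.168.1.100", dhcp_end="192.168.1.199",
    reservations=[Reservation("printer", "00:11:22:33:44:55", "192.168.1.10"),
                  Reservation("nas", "00-11-22-33-44-66", "192.168.1.11")],
    port_forwards=[PortForward("nas-ssh", "tcp", 2222, "192.168.1.11")],
)

# The same backup with two transcription slips (a wrong-subnet IP and a MAC
# copied twice), the kind of mistake step 2 warns about.
BAD = from_json(to_json(GOOD))
BAD.reservations[1].ip = "192.168.2.11"
BAD.reservations[1].mac = "00:11:22:33:44:55"

if __name__ == "__main__":
    for label, backup in (("good", GOOD), ("bad", BAD)):
        print(label, validate(backup) or "OK")
```

Run `validate()` on what you typed in before touching the reset button; if it returns an empty list, save `to_json()` to a file (and print it) so the restore in step 5 is a copy-paste job rather than a memory test.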

Re: Hackers infect 500,000 consumer routers all over the world with malware [telecom]

Interesting; however, the infection can occur either

   a) if there is a known password exploit: your step 4 changes it

   b) but also: if there is a generic security exploit.

With b), the router will be reinfected.

Upgrading the firmware should probably be attempted if there
is one available.

***** Moderator's Note *****

Did I forget to mention that you need to upgrade the firmware? My
router was up-to-date, but it's always important to check.

Bill Horne
Moderator
