Hackers infect 500,000 consumer routers all over the world with malware [telecom]

Hackers infect 500,000 consumer routers all over the world with malware

VPNFilter can survive reboots and contains destructive "kill" function.

formatting link

***** Moderator's Note *****

I publish security alerts like this one on occasion, depending on severity. This one is very serious.

If you have a router that may be infected:

  1. Connect to your router with an Ethernet cable, and turn off the WiFi. This may seem extreme, but remember that other devices in your neighborhood might be infected.

  1. WRITE DOWN the WiFi SSID and password, the MAC addresses of any device for which you have reserved an IP address, the starting address for the DHCP assignments, and the port list for any DMZ devices. The IP addresses too, of course (don't ask me how I know). Alt-PrtScr is your friend, and "Paint" can be used to paste-and-print this info if you're using Windows: just remember to print or save every page before you do another screen capture if your not able to print the info from your web browser or if you are using telnet or ssh to access the router.

  2. Perform a factory reset (NOT just a reboot!) The router will erase all settings. See number 2 first.

  1. Change the default password. If you check the "Recover password" option, choose hard-to-guess answers to the questions. Likewise, of course, a hard-to-guess password.

  2. Re-install the settings from step 2.

It takes about an hour if you're taking your time, but longer if you don't follow step 2. :-(

Bill Horne Moderator

Reply to
Monty Solomon
Loading thread data ...

Interesting: however the infection can occur either

a) if there is a known password exploit: your step 4 changes it

b) but also: if there is a generic security exploit.

with b) the router will be reinfected again.

Upgrading the firmware should probably be attempted if there is one available.

***** Moderator's Note *****

Did I forget to mention that you need to upgrade the firmware? My router was up-to-date, but it's always important to check.

Bill Horne Moderator

Reply to

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.