https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/

"The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware."

The article also lists the more vulnerable routers by make and model.
"I used to think the worst thing in life was to be all alone. It's not. The worst thing in life is to end up with people who make you feel all alone." Robin Williams
"We all do the best we can based on life experience, point of view, and our ability to believe in ourselves." - Naropa "We don't see things as they are, we see them as we are." SR Covey
Then, on top of that, most people unbox the ones they get at Walmart and simply plug them in without reconfiguring anything, leaving the admin interface open to the internet with the default password.
Then, if that wasn't crazy enough, most of these firmwares contain a backdoor in the binaries which allows anyone to log in with a factory password meant to let tech support log in to them over the internet.
Essentially, if you have any brand-name home router, wifi, modem, or anything, then you are either already hacked or you will be hacked soon.
Almost all modern-day botnets run on home broadband routers. It's easier to hack them than to hack the computers behind them, and they are usually connected directly to the internet, which makes blocking ports impossible.
But yep, I always keep mine updated and keep a backup of older firmware as well.
Oh, and I actually pointed this out to the employee at the place; they didn't even know what the device was, lol.
Li-ion battery packs and servers-on-a-stick are easy enough to plug into modems and, IMO, do some pretty good or bad things. There is always good with technology, but you can't leave your stuff exposed to possible attacks.
This isn't a signature, you just think it is.
The FBI recommendation is to reboot your router. Not reboot your router only if it's on this list.
The malware can just log into your router and upload the older firmware from the admin interface and then use that to get RCE.
Also, there are typically at least over 9000 RCE vulnerabilities on home routers anyways.
If you want a secure router, get one with OpenWRT (essentially home router linux) that has a well studied security footprint.
Essentially, what VPNFilter is is a botnet worm. It infects routers and downloads an IP address hidden in photobucket images. That IP connects it to a command and control server that instructs it to download more software, erase the firmware (brick the router), or DDoS something.
It's actually one of many such botnets out there that do the same thing. Most home router malware takes the easy road and just logs into the routers and uploads a new firmware file with the malware preinstalled. Apparently there is some RCE vuln that VPNFilter uses, but nobody has explained it to me yet. Apparently it's been around since 2016.
They claim that it's from Russia, but their only proof is an IP address, which proves nothing.
You can sit in your room in Wisconsin and SOCKS tunnel through a server anywhere in the world and have something attributed to whichever country you'd like. You can even throw in some Russian text inside the binary for good measure.
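The post above describes the infection chain (router fetches an image from photobucket to recover a C2 address, then talks to that C2). A defender-side way to use that description is to look for the router itself, rather than a LAN host, originating outbound connections. The following Python is an added example, not code from the thread or from any vendor. Everything in it is constructed: the log layout (one flow per line: timestamp, source IP, destination IP, destination port, protocol, optional hostname), the router's WAN address, the baseline ports, and the sample lines. It also assumes flows are recorded before NAT, so LAN traffic keeps its private source address while the router's own traffic carries the WAN address.

```python
"""Flag flows that a router originates itself from its WAN address.

Added example for the VPNFilter discussion. The log format, addresses,
baseline ports and sample records below are constructed assumptions, not
any product's real export format.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv6Address, ip_address
from typing import Optional, Union

IPAddr = Union[IPv4Address, IPv6Address]

# Assumed WAN address of the router under observation (TEST-NET-3 range).
ROUTER_WAN_IP: IPAddr = ip_address("203.0.113.7")

# Services a router is normally expected to reach on its own behalf.
# Constructed baseline for this example: DNS and NTP only.
ROUTER_BASELINE_PORTS = {53, 123}

# Image hosting the thread names as where the malware hides its C2 address.
IMAGE_HOST_SUFFIXES = ("photobucket.com",)


@dataclass
class Flow:
    ts: str
    src: IPAddr
    dst: IPAddr
    dport: int
    proto: str
    host: Optional[str]  # hostname from HTTP Host/SNI if the logger saw one


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one constructed log record; return None for malformed lines."""
    parts = line.split()
    if len(parts) not in (5, 6):
        return None
    try:
        return Flow(
            ts=parts[0],
            src=ip_address(parts[1]),
            dst=ip_address(parts[2]),
            dport=int(parts[3]),
            proto=parts[4].lower(),
            host=parts[5].lower() if len(parts) == 6 else None,
        )
    except ValueError:
        return None


def _is_image_host(host: Optional[str]) -> bool:
    # Exact match or a proper subdomain, so "notphotobucket.com" is not caught.
    return bool(host) and any(
        host == s or host.endswith("." + s) for s in IMAGE_HOST_SUFFIXES
    )


def classify(flow: Flow) -> Optional[str]:
    """Return a reason if the flow is suspicious, else None.

    Only flows sourced from the router's own WAN address are of interest:
    a LAN host browsing an image site is ordinary traffic, but the router
    fetching images or talking to arbitrary hosts on its own is not.
    """
    if flow.src != ROUTER_WAN_IP:
        return None
    if _is_image_host(flow.host):
        return f"router itself fetching from {flow.host} (possible C2 locator)"
    if flow.dport in ROUTER_BASELINE_PORTS:
        return None
    return f"router-originated connection to {flow.dst}:{flow.dport} outside baseline"


def suspicious_flows(log_text: str) -> list[tuple[str, str]]:
    """Run classify() over a whole log; return (timestamp, reason) pairs."""
    findings: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        reason = classify(flow)
        if reason:
            findings.append((flow.ts, reason))
    return findings


# Constructed sample records: one LAN host browsing, the router doing DNS and
# NTP (expected), the router fetching from an image host and then reaching an
# unknown host on 8080 (both flagged), and a LAN host visiting the same image
# host (not flagged).
SAMPLE_LOG = """\
2018-05-25T10:00:01 192.168.1.20 93.184.216.34 443 tcp www.example.com
2018-05-25T10:00:02 203.0.113.7 198.51.100.10 53 udp
2018-05-25T10:00:03 203.0.113.7 198.51.100.20 123 udp
2018-05-25T10:00:04 203.0.113.7 198.51.100.30 80 tcp i.photobucket.com
2018-05-25T10:00:05 203.0.113.7 198.51.100.40 8080 tcp
2018-05-25T10:00:06 192.168.1.21 198.51.100.30 80 tcp i.photobucket.com
"""

if __name__ == "__main__":
    for ts, reason in suspicious_flows(SAMPLE_LOG):
        print(ts, reason)
```

The check is deliberately narrow: it says nothing about what a LAN host does, and it tunes out the two services the router is assumed to need. Where the capture point is after NAT, the source address no longer separates router-originated traffic from forwarded traffic, and this approach does not apply without a different field (for example an interface or rule tag) to tell them apart.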