Malware on home routers - Check yours

    Trigger Time

    Air guitar master
    Site Supporter
    Rating - 98.6%
    204   3   0
    Aug 26, 2011
    40,112
    113
    SOUTH of Zombie city
    At this point I'd bring in my son to help, but he's "hanging out with friends" and will be home sometime. If your router is from AT&T it may do automated firmware updates like my parents' system. Is your router from somewhere other than AT&T?
    Nope, it's all AT&T. I just say I want this, pay them and they deliver and install lol
     

    mom45

    Momerator
    Staff member
    Moderator
    Site Supporter
    Rating - 0%
    0   0   0
    Nov 10, 2013
    47,255
    149
    NW of Sunshine
    I just got a new router about a month ago from CenturyLink. It appears to be a ZyXEL and not on the list.
     

    hoosierdoc

    Freed prisoner
    Rating - 100%
    8   0   0
    Apr 27, 2011
    25,987
    149
    Galt's Gulch
    Why does rebooting fix it? Wouldn’t you need a patch?

    I’m being told my Netflix account is signed in to Vietnam and somewhere else in the last few days
     

    Cameramonkey

    www.thechosen.tv
    Staff member
    Moderator
    Site Supporter
    Rating - 100%
    35   0   0
    May 12, 2013
    32,036
    77
    Camby area
    Why does rebooting fix it? Wouldn’t you need a patch?

    I’m being told my Netflix account is signed in to Vietnam and somewhere else in the last few days

    1: The hackers were able to take over the routers, but it wasn't persistent. If you rebooted they would have to hit you again to make your router connect to their C&C servers. The feds busted them and took over the C&C server so they were able to stop the threat (or at least the part that initiates the control and makes the router be a zombie). Rebooting disconnects the router and makes it run normally again. After the reboot it would no longer be vulnerable.

    Change your Netflix password. That is a different problem altogether.
     

    KLB

    Grandmaster
    Rating - 100%
    5   0   0
    Sep 12, 2011
    23,266
    77
    Porter County
    Why does rebooting fix it? Wouldn’t you need a patch?

    I’m being told my Netflix account is signed in to Vietnam and somewhere else in the last few days
    It actually doesn't. It clears the running program out of memory. You need to upgrade the router firmware to actually fix it.
     

    bwframe

    Loneranger
    Site Supporter
    Rating - 100%
    93   0   0
    Feb 11, 2008
    38,179
    113
    Btown Rural
    I bought one of those NetReset timers a couple years ago that reboots the router and modem every day. It works pretty good, but occasionally the router gets stuck and needs a second reboot.

    I'm shocked in looking the NetReset back up on Amazon. Its price has more than doubled.
     

    Cameramonkey

    www.thechosen.tv
    Staff member
    Moderator
    Site Supporter
    Rating - 100%
    35   0   0
    May 12, 2013
    32,036
    77
    Camby area
    I bought one of those NetReset timers a couple years ago that reboots the router and modem every day. It works pretty good, but occasionally the router gets stuck and needs a second reboot.

    I'm shocked in looking the NetReset back up on Amazon. Its price has more than doubled.

    This works better. I use them at all my remote sites. If it can't get to the web, it reboots your gear in case that is the cause. (But it doesn't needlessly cycle the gear.)

    https://3gstore.com/product/6081_2_outlet_ip_switch.html

    Avoid the 1 port unit. It requires a smartphone to config and relies on their cloud server to operate. (they go out of business, you have a useless brick)
     

    Cameramonkey

    www.thechosen.tv
    Staff member
    Moderator
    Site Supporter
    Rating - 100%
    35   0   0
    May 12, 2013
    32,036
    77
    Camby area

    jkaetz

    Master
    Rating - 100%
    3   0   0
    Jan 20, 2009
    1,965
    83
    Indianapolis
    Called it.


    Why haven't you rebooted?
    Because AT&T's gateway isn't impacted, because rebooting without a patch would just get attacked again.

    I fail to see the point in rebooting without a patch to prevent re-infection. I also have yet to see good info on mitigation steps until there is a patch. Until then if you have a router on the list you might as well turn it off and disconnect from the internet or buy a new router.

    Rebooting a router sans patch would be the functional equivalent of rebuilding a Windows 2000 machine infected with Code Red without already having the Code Red patch applied. As soon as it was rebuilt it would be infected again.
     

    Cameramonkey

    www.thechosen.tv
    Staff member
    Moderator
    Site Supporter
    Rating - 100%
    35   0   0
    May 12, 2013
    32,036
    77
    Camby area
    But rebooting at least stops the current code that may be running. And the feds already killed the C&C server that was the big threat.

    Yes, they need to update as well to mitigate the future threat.
    And the AT&T router isn't on the list... YET. :p

    It doesn't hurt to reboot if they aren't as smart as you are to know for sure they are not affected.
     

    rhino

    Grandmaster
    Rating - 100%
    24   0   0
    Mar 18, 2008
    30,906
    113
    Indiana
    This works better. I use them at all my remote sites. If it can't get to the web, it reboots your gear in case that is the cause. (But it doesn't needlessly cycle the gear.)

    https://3gstore.com/product/6081_2_outlet_ip_switch.html

    Avoid the 1 port unit. It requires a smartphone to config and relies on their cloud server to operate. (they go out of business, you have a useless brick)

    The feature of being able to turn off the power to your router on a timer/schedule is interesting. That could keep you 100% from outside troublemakers when you know you don't need to use your wifi, like when you're at work or sleeping.
     

    jkaetz

    Master
    Rating - 100%
    3   0   0
    Jan 20, 2009
    1,965
    83
    Indianapolis
    And the AT&T router isn't on the list... YET. :p
    True, though there's little I would be able to do about it even if it was vulnerable. Not to mention the backlash and massive potential botnet if it is discovered that vendor-provided and required equipment can be compromised.

    To me the bigger issue is that there are all of these routers out there that have a known vulnerability and will be attacked again even if the current source has been stopped. I'm surprised the current malware doesn't self-replicate given that it doesn't require any action on the end user's part, just a device connected to the network.
     

    KLB

    Grandmaster
    Rating - 100%
    5   0   0
    Sep 12, 2011
    23,266
    77
    Porter County
    Many of the devices that are vulnerable are vendor supplied. Hopefully those vendors have plans to upgrade the vulnerable devices.
     