Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Wednesday June 06 2018, @10:33PM   Printer-friendly
from the what-about-patches dept.

"The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers.

"The growing menace — dubbed VPNFilter — targets Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office space, as well as QNAP network-attached storage (NAS) devices, according to researchers at Cisco."

https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Pino P on Thursday June 07 2018, @11:30AM (4 children)

    by Pino P (4721) on Thursday June 07 2018, @11:30AM (#689815) Journal

    The worm infecting these routers is apparently like the SQL Slammer worm from 2003 [wikipedia.org]. It infects only the copy of the operating system in RAM, not the copy stored in the device's flash memory. Rebooting is the easiest way for a non-technical user to kill the rogue process and reload a fresh copy of the operating system from uninfected flash memory.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by coolgopher on Thursday June 07 2018, @01:41PM (3 children)

    by coolgopher (1157) on Thursday June 07 2018, @01:41PM (#689849)

    Like swatting at flies I'd expect. I haven't seen any update studies, but the last one [sans.edu] gave an unpatched Windows system ~4min before (re-)pwnage. Since then a lot of attacks have switched to target routers, so I'd imagine there'd be a lot of rebooting required to keep it clean...

    • (Score: 2) by Pino P on Thursday June 07 2018, @04:07PM (2 children)

      by Pino P (4721) on Thursday June 07 2018, @04:07PM (#689899) Journal

      The worm gets into some routers via default passwords. Changing the password on your router's admin interface should protect you unless its system software has a vulnerability. But to be sure, I'd recommend adopting these three measures:

      1. Change the router's password to something that isn't one of the most common 10,000
      2. Periodic check for firmware updates that eliminate any vulnerabilities that the worm may use to circumvent a router's password wall
      3. Weekly power cycle to flush out any worms that may have entered through a vulnerability for which your router or modem/router manufacturer has not yet issued an update

      • (Score: 0) by Anonymous Coward on Thursday June 07 2018, @04:40PM (1 child)

        by Anonymous Coward on Thursday June 07 2018, @04:40PM (#689925)

        1. Change the router's password to something that isn't one of the most common 10,000

        Do you know where hunter2 lands on that list? Asking for a friend ...

        • (Score: 0) by Anonymous Coward on Thursday June 07 2018, @07:02PM

          by Anonymous Coward on Thursday June 07 2018, @07:02PM (#690019)

          Not an exact measure, but you can check password usage here: https://haveibeenpwned.com/Passwords [haveibeenpwned.com]