Federal Bureau of Investigation urging people to reboot routers, due to malware threat


The malware collects traffic sent through the infected routers and scrapes it for data such as login credentials.

The FBI issued an urgent bulletin asking anyone with a home or small-business internet router to turn it off and back on again, to temporarily stop the spread of malware linked to the Russian Federation.

Talos, in its blog post Wednesday, said that the computer code used in the malware shows significant overlap with malware that was responsible for multiple large-scale attacks targeting devices in Ukraine.

"They can spy on you", Edward Stroz of risk management firm Stroz Friedberg - Aon and the former head of New York City's Federal Bureau of Investigation computer crime squad, said in an interview with CBS News' John Schiumo. And what malware would be complete without the ability to be used to participate in attacking other devices too?

The group has been operating since 2007 under the names "Fancy Bear", "apt28" and "sednit", among others, according to the Department of Justice. The FBI, however, may have a surprisingly easy fix for the problem: switch your router off, then turn it on again. VPNFilter's first stage reaches out to command and control servers to get the second stage of the malware.

So if you're using a newer device, still take the 30 seconds or so to reset, but you may already be in the clear. According to investigators, the VPNFilter malware was created by the same Russian-linked hackers who infiltrated the Democratic National Committee ahead of the 2016 US presidential election. The administrative page of most commercial routers can be accessed by typing, or into a Web browser address bar.

A similar malware compromised half a million internet-connected routers in Ukraine. If you can, make sure the devices are running the most up-to-date version of the firmware. WPA2 is the strongest encryption technology available in most modern routers, followed by WPA and WEP (the latter is fairly trivial to crack with open source tools, so don't use it unless it's your only option). Typically, remote administration is disabled by default.

You should check with your hardware vendor for information on how to reboot your router and install new software updates.