Published: Thu, May 31, 2018
Electronics | By Kelly Massey

Reboot routers to avoid Russia-linked malware

The FBI is urging everyone to reboot their internet routers.

The FBI sent out an advisory Friday warning that "foreign cyber actors" have "used VPNFilter malware to target small office and home office routers". Investigators believe hackers might plan to use the routers to launch a larger cyber attack in America. "Detection and analysis of the malware's network activity is complicated by its use of encryption".

"The size and scope of the infrastructure impacted is significant", says the alert. "The initial infection vector for this malware is now unknown". Rebooting can aid in identifying infected systems. And when that install package phones home to download the nasty part, the Federal Bureau of Investigation will be able to trace that, because the United States government says it has seized a critical domain that the Russian hackers were allegedly using. Those attacks had apparently been occurring for at least a year before being discovered. In addition, router owners are advised to consider disabling remote management settings on devices, and to secure them with strong passwords and encryption when enabled.

"The malware can also be leveraged to collect data that flows through the device".


Sofacy is accused of infecting devices with malware called "VPNFilter" in more than 50 countries, with the most immediate target for further action believed to have been Ukraine, Reuters reported. Each stage of the malware requires the previous stage to be in place in order to function, and as of right now, stage 2 and higher are short-circuited by a reboot of the device.

'The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide,' Talos said in its report. This will wipe out the malware, but will also reset all your configuration settings to default.

If you are interested in all the technical details, Symantec has a good write-up on VPNFilter that includes all the known affected devices. QNAP also has an advisory showing step-by-step instructions of what to do if running an infected QNAP NAS.
