FBI says to reboot router...Russian hacking group botnet
Member
erj_pilot
Remember when the world discovered that over half a million routers have been infected with sophisticated "VPNFilter" malware that could, among other things, cut off access to the internet or be used for Russian spying?

Today, the FBI is asking everyone -- yes, everyone -- to reboot their routers immediately. Right now, even. Or maybe after you finish reading this story.

In a public service announcement published Friday and noted by Ars Technica, and a new addition to a US Department of Justice press release, the FBI explains that it's hoping that your actions will help the US government destroy a botnet before a Russian hacking group, Sofacy, can harden the malware's defenses.

How would pressing a button on your router help, though? According to the FBI, rebooting your router will destroy the part of the malware that can do nasty things like spy on your activities, while leaving the install package intact. And when that install package phones home to download the nasty part, the FBI will be able to trace that -- because the US government says it's seized a critical domain that the Russian hackers were allegedly using.

The FBI confirmed to CNET that yes, it's asking every owner of a consumer or small business router to do this. Why not just the infected ones? Because it's not yet clear how far the infection has spread.

Note that it sounds like you might be taking a bit of a risk by simply rebooting your router, instead of a factory reset that could destroy the malware for good:

"Although devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure," the FBI writes.

Either way, you might want to consider updating your router's firmware.

https://www.cnet.com/news/the-...lp-destroy-a-botnet/

I'm just recalcitrant enough to not do a damned thing the "FBI" recommends. What do our resident computer experts have to say about this?? I take great care to keep my router's firmware updated, which I did about 5 minutes ago.



"If you're a leader, you lead the way. Not just on the easy ones; you take the tough ones too…" – MAJ Richard D. Winters (1918-2011), E Company, 2nd Battalion, 506th Parachute Infantry Regiment, 101st Airborne

"Woe to those who call evil good, and good evil... Therefore, as tongues of fire lick up straw and as dry grass sinks down in the flames, so their roots will decay and their flowers blow away like dust; for they have rejected the law of the Lord Almighty and spurned the word of the Holy One of Israel." - Isaiah 5:20,24
 
Posts: 11066 | Location: NW Houston | Registered: April 04, 2012

Void Where Prohibited
WaterburyBob
They probably want you to reboot your router so their tracking software can be loaded ...
Eek



"If Gun Control worked, Chicago would look like Mayberry, not Thunderdome" - Cam Edwards
 
Posts: 16682 | Location: Under the Boot of Tyranny in Connectistan | Registered: February 02, 2005

God will always provide
Fla. Jim
Well, I maybe would have rebooted if I knew this 6 days ago when the "do it now" was published. Now probably too late. Even if it's real. FBI is not held to a lot of trust to me anymore.
 
Posts: 4455 | Location: White City, Florida | Registered: January 11, 2009

quarter MOA visionary
smschulz
It's probably the FBI blaming the Russians.
The FBI has lost a lot of credibility. Frown
 
Posts: 23309 | Location: Houston, TX | Registered: June 11, 2006

Member
When I rebooted, my computer screen kept coming up with the message "Crooked Hillary....Crooked Hillary...Crooked Hillary..."

I think I will change my vote to Trump, just to be safe!


"Crom is strong! If I die, I have to go before him, and he will ask me, 'What is the riddle of steel?' If I don't know it, he will cast me out of Valhalla and laugh at me."
 
Posts: 6641 | Registered: September 10, 2007

Member
FWIW my corporate IT sent an email this morning asking everyone to reboot and change router password.
 
Posts: 2094 | Location: Just outside of Zion and Bryce Canyon NP's | Registered: March 18, 2012

Peace through
superior firepower
parabellum
Fuck the FBI and their stupid fucking warnings. I wouldn't trust those assholes to figure out how to start a lawnmower.

I no longer trust the FBI and I do not believe the FBI about anything anymore and that is not going to change. Not going to change. Nothing but a bunch of political hacks who have tried and are trying to subvert the government of this nation. The FBI should be disbanded, cleaned out from top to bottom and some new organization should take their place, and they should not be called the FBI. That name is now permanently corrupted.

I could not be more serious.

I'm not rebooting jack shit and I laugh at your warning, you bunch of crooks. Piss on your freakin' warnings.


____________________________________________________

"I am your retribution." - Donald Trump, speech at CPAC, March 4, 2023
 
Posts: 109643 | Registered: January 20, 2000

Member
Is pulling the power connector plug off the router for a minute & reconnecting the same as rebooting?
 
Posts: 3237 | Location: Middle Earth, Rivendell | Registered: November 13, 2010

Member
Storm
quote:
Originally posted by Powers77:
FWIW my corporate IT sent an email this morning asking everyone to reboot and change router password.


Just to be clear. Did they mean the wireless encryption key, or the administrator password for the router?



Loyalty Above All Else, Except Honor

ΜΟΛΩΝ ΛΑΒΕ
 
Posts: 3873 | Location: Colorado | Registered: December 19, 2003

Member
Storm
quote:
Originally posted by rpm2010:
Is pulling the power connector plug off the router for a minute & reconnecting the same as rebooting?


Yes. Usually, leave it powered down for around 60 seconds, before powering it back up.



Loyalty Above All Else, Except Honor

ΜΟΛΩΝ ΛΑΒΕ
 
Posts: 3873 | Location: Colorado | Registered: December 19, 2003

Doing what I want,
When I want,
If I want!
beltfed21
quote:
Originally posted by parabellum:
Fuck the FBI and their stupid fucking warnings. I wouldn't trust those assholes to figure out how to start a lawnmower.

I no longer trust the FBI and I do not believe the FBI about anything anymore and that is not going to change. Not going to change. Nothing but a bunch of political hacks who have tried and are trying to subvert the government of this nation. The FBI should be disbanded, cleaned out from top to bottom and some new organization should take their place, and they should not be called the FBI. That name is now permanently corrupted.

I could not be more serious.

I'm not rebooting jack shit and I laugh at your warning, you bunch of crooks. Piss on your freakin' warnings.



Amen Brother!


********************************************
"On the other side of fear you will always find freedom"
 
Posts: 2688 | Registered: January 08, 2009

Better Than I Deserve!
LBTRS
This doesn't make any sense...rebooting something doesn't remove malware. Seems like if they loaded it in the first place it will just reload as soon as it reboots unless some removal action were taken by the user.


____________________________
NRA Benefactor Life Member
GOA Life Member
Arizona Citizens Defense League Life Member
 
Posts: 4990 | Location: Phoenix, AZ | Registered: September 23, 2005

Nullus Anxietas
ensigmatic
quote:
Originally posted by LBTRS:
This doesn't make any sense...rebooting something doesn't remove malware. Seems like if they loaded it in the first place it will just reload as soon as it reboots unless some removal action were taken by the user.

The nature of this particular beast, as I understand it, is that a vulnerability was used to install an exploit that would give a command and control server the ability to install running instances of active malware. The FBI has seized that server, so rebooting the router will purge the running instance of malware, with no server to re-download and -install another.

But, yes: The initial vulnerability, and the exploit that was installed, remains. The latter can be purged on some routers by doing a factory reset, I believe. But still the vulnerability remains until updated firmware is made available and installed.

If you're running one of the vulnerable routers you would be well-advised to reboot it.

Here ya go: More information: Hackers infect 500,000 consumer routers all over the world with malware

From over a week ago, I would note.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008

wishing we
were congress
this is the FBI notice

 
Posts: 19759 | Registered: July 21, 2002

Fighting the good fight
RogueJSK
quote:
Originally posted by Storm:
quote:
Originally posted by rpm2010:
Is pulling the power connector plug off the router for a minute & reconnecting the same as rebooting?


Yes. Usually, leave it powered down for around 60 seconds, before powering it back up.


Correct.

There was a bit of confusion at first, because it was first reported that the FBI was recommending that everyone reset their routers, but what they're actually asking for is a reboot. Some news outlets are still saying "reset".

Those are two specific, different terms.

Unplugging the router, letting it sit for a few seconds, then plugging it back in, is a reboot, also called a restart or power cycle. This is simple. Anyone can do it. You've likely done it before, as it's the first step in troubleshooting wireless internet issues. Some folks do this weekly/monthly, even when there's not any problems.

A reboot on a router is akin to merely restarting a computer.


But a reset is more drastic, and involves using something like a paperclip to hold down the recessed Reset button on the back or underside of the router. This will reset the router back to factory settings. You shouldn't do this unless you have the knowledge to be able to set up all your wireless network settings all over again.

A reset on a router is akin to wiping a computer's hard drive and reinstalling Windows.
 
Posts: 33266 | Location: Northwest Arkansas | Registered: January 06, 2008

Member
TigerDore
Would any of you buy a used car from any of these guys?




 
Posts: 9043 | Registered: September 26, 2013

Tupperware Dr.
GCE61
FBI = Geeksquad
 
Posts: 3596 | Registered: December 28, 2008

Nullus Anxietas
ensigmatic
quote:
Originally posted by TigerDore:
Would any of you buy a used car from any of these guys?

*sigh*... The FBI didn't discover this problem. Nor did they initially report it. Nor did they analyze it. Nor did they derive the countermeasures. They're just passing along the knowledge and wisdom of those who did.

Don't trust the FBI? Fine. Can't say I blame you. I'm not entirely sure about them, myself, any more. So instead take it from me (and, I expect, other network geeks here on SF you know): Reboot your router.

If mine was one of the known affected ones: I'd factory reset, as well. Then I'd replace it, unless the manufacturer came out with patched firmware tout de suite.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008

Political Cynic
nhtagmember
FBI

Fumbling Bumbling Incompetents

why would we take them seriously? they seem to have a penchant for lying to the American people.

what exactly is their credibility?



Against ALL enemies, foreign and DOMESTIC


 
Posts: 53951 | Location: Tucson Arizona | Registered: January 16, 2002

Peace through
superior firepower
parabellum
ensigmatic must be an FBI plant

Perhaps a fern, or a rhododendron, possibly.
 
Posts: 109643 | Registered: January 20, 2000

© SIGforum 2024