FBI: reset wifi router?



John K Jordan
05-28-2018, 10:17 PM
Does anyone know the details about this? I heard on the news and found some reports suggesting everyone cycle the power to their WiFi router to reset it.

https://www.nytimes.com/2018/05/27/technology/router-fbi-reboot-malware.html

This article says it's only a temporary fix.

JKJ

Bruce Page
05-28-2018, 11:27 PM
I saw it on NBC nightly news tonight. I have it set so my router turns off when I shut down my PC. I do not have (or want) a smart home.. :)

David Bassett
05-28-2018, 11:44 PM
Does anyone know the details about this? ...

The way I understood the article I read was the (Russian Botnet) Infection doesn't do anything bad on its own. It looks in specific places for instructions, which had been telling it to do bad things, and the FBI has taken those places offline or seized them and "fixed" them to not provide instructions. Resetting your router causes it to have to refetch instructions and it is rendered harmless. Of course, it is still infected and your manufacturer should provide upgraded firmware, and... we can all guess how likely that'll happen soon is.

Jim Koepke
05-29-2018, 1:51 AM
Of course, it is still infected and your manufacturer should provide upgraded firmware, and... we can all guess how likely that'll happen soon is.

The manufacturers and ISPs will get on it right after the government gets its head out of the sand and gets concerned about a foreign adversary hijacking our communications system. Though sometimes it seems their heads are not in the sand but somewhere the sun don't shine.

jtk

Curt Harms
05-29-2018, 7:24 AM
The lack of security updates for out-of-production communications gear is a concern. Android phones, especially the low end models have a similar issue, they may get one or two updates and that's it. I have DD-WRT on my WiFi router and that gets updates every couple months.

Mark Blatter
05-29-2018, 7:53 AM
The lack of security updates for out-of-production communications gear is a concern. Android phones, especially the low end models have a similar issue, they may get one or two updates and that's it. I have DD-WRT on my WiFi router and that gets updates every couple months.

So the best solution may be to just buy a new router. Wait, are we sure it is the Russians behind this thing and not router manufacturers? Oh heavens, of course not. Companies would not indulge in that sort of behavior just to make a few billion bucks.

OK, time to put the tinfoil hat back on.

Jim Becker
05-29-2018, 9:35 AM
This doesn't affect all routers, but doing a restart is supposed to clear the risk because the FBI took over the target site for the malicious code. It only takes a few moments to do that. The Actiontec that serves as my edge router/firewall for FiOS isn't affected, but I still did the reboot as a best practice.

glenn bradley
05-29-2018, 10:08 AM
The FBI has been tracking Russian groups and others for years. How would you like to have one of those jobs? Sit at a computer and run orchestrated cyber-attacks 24 x 7. Sheesh. The university got a nice letter from the FBI with some of our credentials in it stating that we might want to button up those machines. In the university environment you are trying to police 20,000+ people who are quite bright but, not necessarily computer savvy . . . unsecured servers under people's desks and all that. I fondly remember when the internet wasn't a toilet.

Carlos Alvarez
05-29-2018, 1:57 PM
And people, please, change the passwords and keys on your new routers. Don't leave things default. I did an interview for a local TV station showing how many networks were visible in my area with a handmade extended antenna, and how many I could access with simple/default credentials. Then when they aired it people called the station asking what to do instead of calling their computer person or looking online. Sheesh.

Jim Becker
05-29-2018, 2:56 PM
I saw it on NBC nightly news tonight. I have it set so my router turns off when I shut down my PC. I do not have (or want) a smart home.. :)

This doesn't really "protect" you from as much as you think it might. Yes, nobody can do anything nefarious when it's off line, but the kind of mischief that goes on happens very fast...with or without compromised code. Strong passwords that are unique from others is a best practice and changing them from time to time is a good idea, even when your connection isn't constant.

Carlos Alvarez
05-29-2018, 3:07 PM
Yeah, turning off the network is useless as a security measure. I mean, ok, so the attackable time is shorter, but these attacks are automated and constantly scouring the internet. If you have a vulnerable device, it will happen. My servers see around 27,000 attacks per day, each.

Simon MacGowen
05-29-2018, 3:14 PM
The FBI has been tracking Russian groups and others for years. How would you like to have one of those jobs? Sit at a computer and run orchestrated cyber-attacks 24 x 7. Sheesh. The university got a nice letter from the FBI with some of our credentials in it stating that we might want to button up those machines. In the university environment you are trying to police 20,000+ people who are quite bright but, not necessarily computer savvy . . . unsecured servers under people's desks and all that. I fondly remember when the internet wasn't a toilet.

For the record, some universities themselves have been victims of ransomware!

I don't know who is safe and who is not these days. The scariest one is not the hack, no matter how many people or accounts are affected by it, that is known, but the one that has not been discovered.

Simon

Carlos Alvarez
05-29-2018, 3:29 PM
About a year ago I discovered an exposed folder full of Excel files containing all the personal info for several hundred thousand mortgage applicants. Calling the company to notify them was way harder than it should have been, as they mostly wanted to treat me like a customer and the salespeople probably thought I was pranking. Finally I searched LinkedIn for their head of legal, called him, and told his secretary that I was looking at HER mortgage application info on the public internet so he might wanna talk to me. He didn't, but instantly put me through to the CIO/CSO. I was able to find an employee and a friend within the info.

All it takes is one moron to click "share with anyone" on a unified internal/web server like MS SharePoint. What a dangerous and awful product.

Curt Harms
05-30-2018, 6:15 AM
This doesn't affect all routers, but doing a restart is supposed to clear the risk because the FBI took over the target site for the malicious code. It only takes a few moments to do that. The Actiontec that serves as my edge router/firewall for FiOS isn't affected, but I still did the reboot as a best practice.

It's too bad that routers don't commonly support automated periodic reboots. I don't think they do though I don't have a recent vintage device. DD-WRT does, I can schedule that router to reboot at a time that is not disruptive and can select how often it reboots. In theory I guess a router should never have to be rebooted but .... yeah.

Jim Becker
05-30-2018, 9:05 AM
Curt, occasional reboot of a router isn't a horrible thing just for practical reasons. It cleans up some stuff that hangs on and builds up like any other computing device. Routers are computers at the heart and a good kick in the pants is warranted once in a while just like any other computer...even computers that are inherently stable over longer periods of time.

Carlos Alvarez
05-30-2018, 11:09 AM
That's exactly right, all routers are simply computers usually running Linux and routing/switching software. How often they need a reboot seems to correlate in reverse to how much they cost. Cheap stuff...frequent. The routers in our infrastructure never get a reboot unless it's incidental to some other task like an OS upgrade.

John K Jordan
05-30-2018, 11:24 AM
It cleans up some stuff that hangs on and builds up like any other computing device. Routers are computers at the heart and a good kick in the pants is warranted once in a while just like any other computer...even computers that are inherently stable over longer periods of time.

I simply can't believe how much junk comes installed on computers these days and how much unneeded stuff gets magically added somehow. No wonder some are unstable.

Back when I relied on my computers for a living I kept my software development, 3D modeling, and video/audio editing computers as clean as I could - never installed OS updates, never downloaded software, never bought and installed software I didn't absolutely need for the work, and never surfed the web. When setting up a new machine the first thing I always did was pare down the OS to the bare minimum, removing or disabling all the services I didn't need. (It was, however, a royal pain to set up a new machine - it usually took me 40-50 hours.)

I was usually 2 or 3 versions behind on OS and application updates, happy to let everyone discover and deal with the bugs in the latest versions and only installing them when I thought it was safe. I had multiple machines on a local network in the house but not connected externally except through ISDN to the Lab. Fortunately I worked at home and didn't have the well-meaning and efficient IP department dictating or "improving" things for me!

It was amazing how stable those computers were. I remember once I didn't reboot my primary workstation for over 18 months and only then because of a power outage. I was afraid the big uninterruptible power supply batteries would run down. Stable machines and keeping at least three running backups on different devices I can say I never lost 10 minutes of work.

BTW, I believe keeping the power on all the time also helped prevent hardware failures from the heating/cooling cycles and inrush power surges. These were dual-processor tower boxes loaded with high-end video cards, video hardware, loaded with memory, and packed with drives. The first thing I did when setting up a new system was add a number of well-placed fans and baffles and monitored the temperatures. I didn't need a portable heater under the table in the winter!

Just for fun, one corner of The Dungeon where I worked. (I posted this before)

https://sawmillcreek.org/attachment.php?attachmentid=382203&d=1521835976

JKJ

Carlos Alvarez
05-30-2018, 11:37 AM
I simply can't believe how much junk comes installed on computers these days and how much unneeded stuff gets magically added somehow.

Not "on computers" but specifically only on Windows, and more so on junky machines. Business machines mostly come fairly clean. And Apple/Linux machines don't have any junk auto-running.

Curt Harms
05-31-2018, 6:12 AM
Not "on computers" but specifically only on Windows, and more so on junky machines. Business machines mostly come fairly clean. And Apple/Linux machines don't have any junk auto-running.

Some people, if they buy a retail PC, pull the hard drive and do a fresh install using an image from Microsoft. Keep the original hard drive in case of a warranty issue. Are retail machines today as bad for shovelware as they used to be? I haven't bought a new retail machine in 15 years or more.