Russian malware

May 30th, 2018, 04:51 PM  #1
Fun71 (Registered User, Thread Starter)
Join Date: Feb 2013
Location: Phoenix, AZ
Posts: 13,738

So has anyone seen the FBI warning about the Russian malware?

https://www.ic3.gov/media/2018/180525.aspx



I was curious about exactly what is going on so I did some searching and found this. I recommend reading the entire blog. Even though it's very technical and a bit boring, it explains very well how the malware works and why it is important to protect against it.

https://blog.talosintelligence.com/2...VPNFilter.html

The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allow for theft of website credentials and monitoring of Modbus SCADA protocols. Lastly, the malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide.


We recommend that:
  • Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.
  • Internet service providers that provide SOHO routers to their users reboot the routers on their customers' behalf.
  • If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.
  • ISPs work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.

Due to the potential for destructive action by the threat actor, we recommend out of an abundance of caution that these actions be taken for all SOHO or NAS devices, whether or not they are known to be affected by this threat.



I guess I should reset my routers so the Russians can't brick them.

May 30th, 2018, 05:36 PM  #2
scrappie (Registered User)
Join Date: Mar 2007
Location: eastern MA
Posts: 3,287
What the hell is a SOHO or NAS? Is that a brand or type?

May 30th, 2018, 06:51 PM  #3
RetroRanger (72 Olds CS)
Join Date: Jun 2011
Posts: 6,657
Network-Attached Storage (NAS)

small office/home office (SOHO) routers

May 31st, 2018, 07:06 AM  #4
crimsoncolby (Registered User)
Join Date: Sep 2009
Location: MN
Posts: 345
Yeah...drives me nuts when people & agencies use acronyms as though EVERYBODY knows what they mean. Is it too much to ask that they define them initially before going ahead and using them in the rest of the text? Anyway, does this mean anybody and everybody who has a wireless router for their personal home desktop, laptop, notepad, etc needs to reboot it?

Last edited by crimsoncolby; May 31st, 2018 at 07:10 AM.

May 31st, 2018, 07:25 AM  #5
Weezer (Jeff)
Join Date: Jan 2018
Location: Grand Blanc, MI
Posts: 1,027
I try to remember to reboot my modem and router (separate devices) weekly, just to clear the cache and have my home network running at optimal speeds.

May 31st, 2018, 08:50 AM  #6
Fun71 (Registered User, Thread Starter)
Join Date: Feb 2013
Location: Phoenix, AZ
Posts: 13,738
Originally Posted by crimsoncolby
Anyway, does this mean anybody and everybody who has a wireless router for their personal home desktop, laptop, notepad, etc needs to reboot it?
Yes. I read an update on one of the computer magazine sites that said the FBI extended the alert to ALL routers, not just the ones in the initial warning.

Last edited by Fun71; May 31st, 2018 at 09:07 AM.

All times are GMT -7.