We’ve had a few customers call to ask about news stories reporting that the FBI is urging users to reboot their routers. We are posting this information to help answer those questions. Here is a link to one such story: https://www.cbsnews.com/news/fbi-urges-internet-users-to-reboot-home-routers/
First, it is important to understand the difference between “reboot” and “reset” (a distinction the FBI apparently does not understand). A “reboot” is harmless and will clear out any malware that is resident in memory (running at the time). However, if the malware has been written to the router so that it is reloaded at startup, a reboot does no good. A “reset” puts the hardware back to the way it came from the factory and should eliminate any loaded malware. HOWEVER, if the router has been programmed with settings changes such as custom WiFi settings, non-default IP address settings, password changes, or other changes made during installation, those settings will be LOST during a “reset”. If your equipment was professionally installed, there is a good chance that resetting your router will cause problems on your network, so we suggest contacting the installer BEFORE performing a “reset”.
The malware — called VPNFilter — targets Linksys, MikroTik, NETGEAR and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices, according to researchers at Cisco.
If you purchased your equipment from Network Solutions, Inc., the only affected equipment we have sold is QNAP. QNAP has released a statement about the security vulnerability that allows VPNFilter to be installed. Basically, if your QNAP has been upgraded since mid-2017, it is no longer vulnerable to attack. QNAP also has a free malware app which periodically scans the device for malware and is capable of detecting and removing VPNFilter. If Network Solutions, Inc. maintains your network and has performed maintenance on the QNAP since mid-2017, your QNAP is most likely already patched and cleaned. However, if you have a QNAP which is open to the internet (accessible from outside your network) and we have not performed any maintenance recently, we urge you to contact us so that we can update your system and check it for malware.
Update – June 6, 2018 – This issue has been found to be much worse than previously thought. The list of manufacturers affected by the malware has been expanded to include routers made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. Network Solutions, Inc. has definitely sold routers from these manufacturers – mostly ASUS and Ubiquiti. Although the Ubiquiti units we have sold are not listed as affected by this malware, we *have* sold ASUS units which are affected – RT-N66U and RT-AC66U. Here is a link to a story about the new developments: https://www.bleepingcomputer.com/news/security/vpnfilter-can-also-infect-asus-d-link-huawei-ubiquiti-upvel-and-zte-devices/
Removing VPNFilter from infected devices is quite a challenge, as this malware is one of two malware strains that can achieve boot persistence on SOHO routers and IoT devices. Furthermore, there are no visible signs that a router has been infected with this malware, so unless you can scan your router’s firmware, even knowing whether you’re infected is a challenge. The best advice we can give right now is to make sure you’re running a router with up-to-date firmware. Please contact Network Solutions, Inc. if you would like us to upgrade your router firmware. Please note that resetting your router yourself may make your network inoperable.
If you have any questions or would like to schedule a call to evaluate or update your equipment, please contact us at 256-547-6817 or email email@example.com.