F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware

Status
Not open for further replies.

RNCollins

TUG Lifetime Member
Joined
Jan 2, 2016
Messages
3,329
Reaction score
1,200
Points
399
Location
Borscht Belt
Resorts Owned
Tradewinds, Divi, Quarter House, Casa Ybel
FBI’s Urgent Request: Reboot Your Router to stop Russia-Linked Malware
https://www.nytimes.com/2018/05/27/...h_180528&nl=todaysheadlines&nlid=684898650528

The New York Times/ Louis Lucero II / May 27, 2018

“Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on.

The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday.

A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia’s military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies.

The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the device’s firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them....”


Photo Credit: Ozier Muhammad / The New York Times
An analysis by Cisco’s threat intelligence division found that hundreds of thousands of routers, from a range of manufacturers, were infected by the malware linked to the hacking group Fancy Bear.
 

x3 skier

TUG Review Crew: Veteran
TUG Member
Joined
Apr 17, 2006
Messages
5,266
Reaction score
2,295
Points
649
Location
Ohio and Colorado
Resorts Owned
Steamboat Grand, The West,
Raintree and, formerly, The Allen House
Gee, the power failure I had last week has a silver lining!

Cheers
 

Passepartout

TUG Review Crew: Veteran
TUG Member
Joined
Feb 10, 2007
Messages
28,461
Reaction score
17,213
Points
1,299
Location
Twin Falls, Eye-Duh-Hoe
The reboot solution is just temporary. Updating your computer's firmware and changing passwords is better.

It seems that 'You Know Who' will stop at nothing to infiltrate every segment of American life.

Jim
 

Steve Fatula

TUG Member
Joined
Jun 12, 2017
Messages
3,723
Reaction score
2,718
Points
349
Location
Calera, OK
For those who may have missed it, FBI announcement. Major Russian malware attack ongoing, a number of vulnerable home routers. If you have firmware updates, time to apply as well. If not, monitor for a while and any decent company should come up with an update soon.

https://www.nytimes.com/2018/05/27/technology/router-fbi-reboot-malware.html

Sorry, I looked and did not see a thread already existed, this post was merged.

Update firmware when you can, reboot for now anyway, don't allow WAN access if possible to your router admin.
 

BJRSanDiego

TUG Review Crew: Expert
TUG Member
Joined
Jan 8, 2012
Messages
3,439
Reaction score
1,913
Points
398
Location
San Diego
Resorts Owned
Sands of Kahana, Desert Springs I, DSV2, Shadow Ridge Enclaves Dlx
Passepartout said:
> The reboot solution is just temporary. Updating your computer's firmware and changing passwords is better.
>
> It seems that 'You Know Who' will stop at nothing to infiltrate every segment of American life.
>
> Jim

How do I update my ROUTER's (not computer's) firmware? I know how to reboot the router and also how to reset it to factory settings/firmware. I presume that if I reset it to the factory settings that it will automatically update itself with the various firewall and other firmware releases that were made since I first bought it.

Is this all I have to do to update the router? Reset to original factory settings and sit back and let it update itself?
 

zinger1457

Guest
Joined
Aug 21, 2005
Messages
695
Reaction score
45
Points
338
BJRSanDiego said:
> How do I update my ROUTER's (not computer's) firmware?

When you log in to your router there should be an option to check if any firmware updates are available. When selected, it will go out to the router's web site and check; if updates are available you'll then have the option to download and install them.
 

Passepartout

TUG Review Crew: Veteran
TUG Member
Joined
Feb 10, 2007
Messages
28,461
Reaction score
17,213
Points
1,299
Location
Twin Falls, Eye-Duh-Hoe
Usually there is a sticker on your router with its IP address. Enter that in your browser's search window. That should give you the option of updating its firmware. For step by step instructions do a Google or Bing search for your brand of router.
'update ________(brand) router firmware.'

Jim
 

Steve Fatula

TUG Member
Joined
Jun 12, 2017
Messages
3,723
Reaction score
2,718
Points
349
Location
Calera, OK
BJRSanDiego said:
> How do I update my ROUTER's (not computer's) firmware? I know how to reboot the router and also how to reset it to factory settings/firmware. I presume that if I reset it to the factory settings that it will automatically update itself with the various firewall and other firmware releases that were made since I first bought it.
>
> Is this all I have to do to update the router? Reset to original factory settings and sit back and let it update itself?

Do NOT reset to factory settings; any settings you changed (passwords, wifi access, etc.) will go away and back to default. What router make and model do you have?
 

Makai Guy

Administrator
Joined
Jun 3, 2004
Messages
4,546
Reaction score
1,340
Points
649
Location
Aiken, SC, USA
Resorts Owned
Spicebush (Hilton Head Island)
Passepartout said:
> The reboot solution is just temporary. Updating your computer's firmware and changing passwords is better.

Unfortunately, my excellent Western Digital router is an orphan as WD got out of the router business years ago. I have their latest update which is from 2012.
 

Passepartout

TUG Review Crew: Veteran
TUG Member
Joined
Feb 10, 2007
Messages
28,461
Reaction score
17,213
Points
1,299
Location
Twin Falls, Eye-Duh-Hoe
Makai Guy said:
> Unfortunately, my excellent Western Digital router is an orphan as WD got out of the router business years ago. I have their latest update which is from 2012.

Maybe, just maybe, it's time to consider giving it a well-earned retirement. On the other hand, maybe it pre-dated digital bamboozlery. If the Russkies were targeting adding machines, and you used an abacus, no problems!
 

BJRSanDiego

TUG Review Crew: Expert
TUG Member
Joined
Jan 8, 2012
Messages
3,439
Reaction score
1,913
Points
398
Location
San Diego
Resorts Owned
Sands of Kahana, Desert Springs I, DSV2, Shadow Ridge Enclaves Dlx
Steve Fatula said:
> Do NOT reset to factory settings; any settings you changed (passwords, wifi access, etc.) will go away and back to default. What router make and model do you have?

Steve et al,
I've been doing some investigation and on-line searching along the lines of the suggestions you folks made. For my model of 2wire (Pace) gateway, I had trouble figuring out what the most current software version should be. Surprisingly on the tech support links to Pace/2wire, updating firmware wasn't an option. Some of the on-line links described the steps needed to be followed but when I tried to follow them, they didn't work. I also logged on to my router and it wasn't an option to download newer firmware. On an AT&T link, I read the following: "If you're using an AT&T gateway, you should already be on the most current firmware. AT&T updates all of the gateways. You are most likely using the firmware that is current." Another site said something similar except it mentioned that AT&T "pushes" the updates down.
So maybe I'm safe for the time being.
 

Steve Fatula

TUG Member
Joined
Jun 12, 2017
Messages
3,723
Reaction score
2,718
Points
349
Location
Calera, OK
BJRSanDiego, you are correct, AT&T usually updates those routers. Some internet providers supply or rent equipment. In those cases, it’s still their device so they typically manage it.
 

theo

TUG Review Crew: Veteran
TUG Member
Joined
Mar 21, 2007
Messages
9,032
Reaction score
2,268
Points
648
Location
New England Coast
Please forgive my admitted technological ignorance, but I will boldly step forward to demonstrate it once again anyhow...

It's easy to "reboot" a router; I did that immediately after seeing this thread yesterday.
I will next separately look further into updating the router firmware (...wish me luck).

What I do not even begin to understand is how or why a "reboot" of the router is of any use or value as a protective measure against the issue under discussion. Doesn't a "reboot" simply restore the router to exactly where it was before the reboot and, if so, what is the point or purpose of the reboot anyhow? :shrug::confused::shrug:
 

Steve Fatula

TUG Member
Joined
Jun 12, 2017
Messages
3,723
Reaction score
2,718
Points
349
Location
Calera, OK
The semi technical explanation is in my post above, #4, click on the link. Read near the end. It does help to reboot.
 

theo

TUG Review Crew: Veteran
TUG Member
Joined
Mar 21, 2007
Messages
9,032
Reaction score
2,268
Points
648
Location
New England Coast
BJRSanDiego said:
> On an AT&T link, I read the following: "If you're using an AT&T gateway, you should already be on the most current firmware. AT&T updates all of the gateways. You are most likely using the firmware that is current." Another site said something similar except it mentioned that AT&T "pushes" the updates down.

Verizon tech support folks make that same claim for their FIOS / routers. :shrug:
 

WinniWoman

TUG Review Crew: Veteran
TUG Member
Joined
Jul 16, 2010
Messages
10,762
Reaction score
7,057
Points
749
Location
The Weirs, New Hampshire
Resorts Owned
Innseason Pollard Brook
x3 skier said:
> Gee, the power failure I had last week has a silver lining!
>
> Cheers


I just said the same to my husband. We lose power so often the modem constantly reboots! LOL!
But ours is a rented router anyway.
 

PigsDad

TUG Member
Joined
Nov 1, 2006
Messages
10,072
Reaction score
7,075
Points
898
Location
Colorado and SW Florida
Resorts Owned
HGVC Elite: SeaWorld, Surf Club, Charter Club, Valdoro
This is exactly why I own my own modem and router. Not only does it save money and provide me with much better equipment, it allows me to quickly apply firmware updates and manage my own security.

Kurt
 

Makai Guy

Administrator
Joined
Jun 3, 2004
Messages
4,546
Reaction score
1,340
Points
649
Location
Aiken, SC, USA
Resorts Owned
Spicebush (Hilton Head Island)
theo said:
> ... what is the point or purpose of the reboot anyhow?

For this particular threat, known as VPNFilter, my understanding from what I've read is it works like this:

This all starts with a "stage 1" infection. The primary purpose of this stage is to locate a "Command and control" web server run by the bad guys, and download and install the rest of the malware (i.e. stage 2) from there. The server involved has been identified as toknowall(dot)com. Stage 1 survives a reboot, but stage 2 does not, so stage 1 also periodically reconnects to keep stage 2 installed and up-to-date.

The full capabilities of stage 2, if present, are still being investigated. Several variants have been found. Known capabilities are that it can respond to trigger commands from the bad guys to 1) spy on traffic going through the router, and/or 2) render the router useless by deleting or overwriting part of the router's firmware then rebooting.

Stage 2 is also capable of downloading additional stage 3 plugins to add additional capabilities.

The FBI has now taken control of the toknowall(dot)com server so it can no longer download and reinstall stages 2 or 3. That's why a simple reboot that erases stages 2 and 3 breaks the chain for this particular malware, at least for now.
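
The post above says stage 1 survives a reboot and periodically reconnects to the command-and-control server. As an added example (not part of the original thread), this Python script scans a DNS resolver log for lookups of that domain made after a reboot, which would suggest stage 1 is still on a device. The dnsmasq-style log format, the sample lines, the client addresses and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Domain exactly as written in the post (defanged); refanged only for matching.
C2_DOMAIN = "toknowall(dot)com".replace("(dot)", ".")

# Assumed dnsmasq-style line: "<Mon DD HH:MM:SS> dnsmasq[pid]: query[TYPE] <name> from <client>"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[\w+\] (?P<name>\S+) from (?P<client>\S+)$"
)

def is_c2_name(name):
    """True for the C2 domain or any subdomain of it, not for look-alikes."""
    name = name.lower().rstrip(".")
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)

def c2_lookups_after(log_lines, reboot_time, year=2018):
    """Count C2 lookups per client that occur after the given reboot time."""
    hits = Counter()
    for line in log_lines:
        m = QUERY_RE.match(line.strip())
        if not m or not is_c2_name(m["name"]):
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if when > reboot_time:
            hits[m["client"]] += 1
    return dict(hits)

# Constructed sample log (not real traffic); addresses are private-range examples.
SAMPLE_LOG = """\
May 28 08:01:10 dnsmasq[412]: query[A] toknowall.com from 192.168.1.2
May 28 09:30:05 dnsmasq[412]: query[A] toknowall.com from 192.168.1.2
May 28 09:31:40 dnsmasq[412]: query[A] www.example.org from 192.168.1.7
May 28 09:45:00 dnsmasq[412]: query[AAAA] nottoknowall.com from 192.168.1.7
May 28 10:30:05 dnsmasq[412]: query[A] update.ToKnowAll.com. from 192.168.1.2
May 28 10:31:00 dnsmasq[412]: reply toknowall.com is 203.0.113.5
""".splitlines()

if __name__ == "__main__":
    reboot = datetime(2018, 5, 28, 9, 0, 0)
    for client, n in c2_lookups_after(SAMPLE_LOG, reboot).items():
        print(f"{client}: {n} lookup(s) after reboot; stage 1 may still be present")
```

A client that keeps asking for the domain after the reboot time is the one to update or replace first.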
 

theo

TUG Review Crew: Veteran
TUG Member
Joined
Mar 21, 2007
Messages
9,032
Reaction score
2,268
Points
648
Location
New England Coast
Doug:
Thanks for the above explanation; the article cited didn't really provide much insight. :thumbup:
 

rickandcindy23

TUG Review Crew: Elite
TUG Member
Joined
Jun 6, 2005
Messages
31,892
Reaction score
8,998
Points
1,049
Location
The Centennial State
Resorts Owned
Wyndham Founder; Disney OKW & SSR; Marriott's Willow Ridge,Shadow Ridge,Grand Chateau;Val Chatelle; Hono Koa OF (3); SBR(LOTS), SDO a few; Grand Palms; WKORV-OF (2),Westin Desert Willow.
Those of us who are not tech savvy are doomed. We are having Xfinity install our new stuff today, TV, voice, internet. It will save us a bundle, and we will have a new router/modem. We already bought it. I guess this tech will know how to get it installed and get the firmware updates.
 