FBI warning people to reset routers
The FBI is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers.
The growing menace — dubbed VPNFilter — targets Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office space, as well as QNAP network-attached storage (NAS) devices, according to researchers at Cisco.
Luckily, the FBI has seized the domain it believes is linked to the Russian-run VPNFilter botnet that was poised to launch a massive attack, possibly against the Ukraine.
FBI Special Agent Michael McKeown stated in court documents that evidence exists showing the domain toknowall.com was to be used as part of an attack.
“There is probable cause to believe that the subject domain name constitutes personal property that was used or intended to be used to commit or to facilitate the commission of damage to protected computers.”
The effectively neuters the attack, however, here’s some steps you can take to protect yourself.
Cisco said part of the code used by VPNFilter can still persist until the affected device is reset to its factory-default settings. Most modems and DVRs will have a tiny, recessed button that can only be pressed with something small and pointy, such as a paper clip. Hold this button down for at least 10 seconds (some devices require longer) with the device powered on, and that should be enough to reset the device back to its factory-default settings. In some cases, you may need to hold the tiny button down and keep it down while you plug in the power cord, and then hold it for 30 seconds.
After resetting the device, you’ll need to log in to its administrative page using a Web browser. The administrative page of most commercial routers can be accessed by typing 192.168.1.1, or 192.168.0.1 into a Web browser address bar. If neither of those work, try looking up the documentation at the router maker’s site, or checking to see if the address is listed here. If you still can’t find it, open the command prompt (Start > Run/or Search for “cmd”) and then enter ipconfig. The address you need should be next to Default Gateway under your Local Area Connection. Those with a Linksys brand device can find their Linksys router login instructions and more useful tips for accessing the settings and control panel on the RouterReset website.
Once you’re there, make sure you’ve changed the factory-default password that allows you to log in to the device (pick something strong that you can remember).
You’ll also want to make sure your device has the latest firmware updates. Most router Web interfaces have a link or button you click to check for newer device firmware. If there are any updates available, install those before doing anything else.