[App_rpt-users] Router Malware Warnings from FBI

JJC cummingsj at gmail.com
Fri Jun 1 15:56:34 UTC 2018


Wrong, I had to reread this.. what they don't make patches for are things
that have not been discovered as being exploited yet...  The fact that it's
being exploited does not mean that it's known or disclosed.

I am quite aware of when this started - the rest of your statement I pretty
much agree with though ;-)


On Thu, May 31, 2018 at 11:13 AM, Bryan St Clair <bryan at k6cbr.us> wrote:

> They don't make patches for something that hasn't been exploited yet.
> That's why a day 0 exists.
>
> This started in 2016...
>
> The affected models are older and I would bet, behind in updates.
>
> Updates don't protect everything, just what was known in the past. 2016 is
> the past.
>
> A good reason why it's targeted the Linksys, MikroTik, NETGEAR and TP-Link
> devices is their low update rate. Not the manufacturer, but the consumer.
>
>
> On Thu, May 31, 2018, 10:06 JJC <cummingsj at gmail.com> wrote:
>
>> Not entirely correct see inline....
>>
>> On Thu, May 31, 2018 at 10:43 AM, Bryan St Clair <bryan at k6cbr.us> wrote:
>>
>>> It is a threat to anyone who doesn't maintain a strong login credential
>>> set and/or who doesn't update firmware.   If you do both these, you are
>>> very unlikely to have been infected.
>>>
>> Not entirely accurate, there were 0days involved in this.. that means
>> that the threat existed and was being exploited before a patch / firmware
>> update was released.
>>
>>
>>>
>>>
>>> No harm in a reboot (for many reasons) however daily may not be needed.
>>>
>> Agreed, and a reboot only clears the non-persistent mechanisms.  And rest
>> assured mechanisms exist for persistence...
>>
>>
>>>
>>> Remember, firmware updates patch known vulnerability issues that these
>>> malware infections exploit.
>>>
>> Correct "known" being the keyword, see comment #1
>>
>>>
>>>
>>> On Thu, May 31, 2018, 08:20 Mike <mm at midnighteng.com> wrote:
>>>
>>>>
>>>> Just in the case you have not heard the news of the past week,
>>>>
>>>> There is a warning issued by the FBI about a potential malware threat
>>>> to routers.
>>>>
>>>> https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/05/24/the-cybersecurity-202-the-fbi-is-trying-to-thwart-a-massive-russia-linked-hacking-campaign/5b058e921b326b492dd07e55/?utm_term=.3ecb87d65a41
>>>>
>>>>
>>>> While I did try to dig deeper on this over the weekend, I could not
>>>> obtain the grimy details.
>>>>
>>>> But it looks like a sleeper so you might want to do due diligence and
>>>> reset your router to clear the ram.
>>>>
>>>> When I say sleeper, I mean it has yet to perform new duties so it might
>>>> not affect anything now.
>>>>
>>>> I'm clearing all of mine once a day till I find out more. Just a FYI.
>>>>
>>>>
>>>> ...mike/kb8jnm
>>>>
>>>> _______________________________________________
>>>> App_rpt-users mailing list
>>>> App_rpt-users at lists.allstarlink.org
>>>> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>>>>
>>>> To unsubscribe from this list please visit
>>>> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>>>> and scroll down to the bottom of the page. Enter your email address and
>>>> press the "Unsubscribe or edit options button"
>>>> You do not need a password to unsubscribe, you can do it via email
>>>> confirmation. If you have trouble unsubscribing, please send a message to
>>>> the list detailing the problem.