[App_rpt-users] Router Malware Warnings from FBI

Thu May 31 17:06:42 UTC 2018

Not entirely correct see inline....

On Thu, May 31, 2018 at 10:43 AM, Bryan St Clair <bryan at k6cbr.us> wrote:

> It is a threat to anyone who doesn't maintain a strong login credential
> set and/or who doesn't update firmware.   If you do both these, you are
> very unlikely to have been infected.
>
Not entirely accurate, there were 0days involved in this.. that means that
the threat existed and was being exploited before a patch / firmware update
was released.

>
>
No harm in a reboot (for many reasons) however daily may not be needed.
>
Agreed, and a reboot only clears the non-persistent mechanisms.  And rest
assured mechanisms exist for persistence...

>
> Remember, firmware updates patch known vulnerability issues that these
> malware infections exploit.
>
Correct "known" being the keyword, see comment #1

>
>
> On Thu, May 31, 2018, 08:20 Mike <mm at midnighteng.com> wrote:
>
>>
>> Just in the case you have not heard the news of the past week,
>>
>> There is a warning issued by the FBI about a potential malware threat to
>> routers.
>>
>> https://www.washingtonpost.com/news/powerpost/paloma/the-
>> cybersecurity-202/2018/05/24/the-cybersecurity-202-the-fbi-
>> is-trying-to-thwart-a-massive-russia-linked-hacking-campaign/
>> 5b058e921b326b492dd07e55/?utm_term=.3ecb87d65a41
>>
>>
>> While I did try to dig deeper on this over the weekend, I could not
>> obtain the grimy details.
>>
>> But it looks like a sleeper so you might want to do due diligence and
>> reset your router to clear the ram.
>>
>> When I say sleeper, I mean it has yet to perform new duties so it might
>> not affect anything now.
>>
>> I'm clearing all of mine once a day till I find out more. Just a FYI.
>>
>>
>> ...mike/kb8jnm
>>
>> _______________________________________________
>> App_rpt-users mailing list
>> App_rpt-users at lists.allstarlink.org
>> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>>
>> To unsubscribe from this list please visit http://lists.allstarlink.org/
>> cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of
>> the page. Enter your email address and press the "Unsubscribe or edit
>> options button"
>> You do not need a password to unsubscribe, you can do it via email
>> confirmation. If you have trouble unsubscribing, please send a message to
>> the list detailing the problem.
>
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at lists.allstarlink.org
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>
> To unsubscribe from this list please visit http://lists.allstarlink.org/
> cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of
> the page. Enter your email address and press the "Unsubscribe or edit
> options button"
> You do not need a password to unsubscribe, you can do it via email
> confirmation. If you have trouble unsubscribing, please send a message to
> the list detailing the problem.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20180531/84a8a49b/attachment.html>