[App_rpt-users] Router Malware Warnings from FBI

Bryan St Clair bryan at k6cbr.us
Thu May 31 17:13:38 UTC 2018


They don't make patches for something that hasn't been exploited yet.
That's why a day 0 exists.

This started in 2016...

The affected models are older and I would bet, behind in updates.

Updates don't protect everything, just what was known in the past. 2016 is
the past.

A good reason why it's targeted the Linksys, MikroTik, NETGEAR and TP-Link
devices is their low update rate. Not the manufacturer, but the consumer.


On Thu, May 31, 2018, 10:06 JJC <cummingsj at gmail.com> wrote:

> Not entirely correct see inline....
>
> On Thu, May 31, 2018 at 10:43 AM, Bryan St Clair <bryan at k6cbr.us> wrote:
>
>> It is a threat to anyone who doesn't maintain a strong login credential
>> set and/or who doesn't update firmware. If you do both these, you are
>> very unlikely to have been infected.
>>
> Not entirely accurate, there were 0days involved in this.. that means that
> the threat existed and was being exploited before a patch / firmware update
> was released.
>
>
>>
>>
> No harm in a reboot (for many reasons) however daily may not be needed.
>>
> Agreed, and a reboot only clears the non-persistent mechanisms.  And rest
> assured mechanisms exist for persistence...
>
>
>>
>> Remember, firmware updates patch known vulnerability issues that these
>> malware infections exploit.
>>
> Correct "known" being the keyword, see comment #1
>
>>
>>
>> On Thu, May 31, 2018, 08:20 Mike <mm at midnighteng.com> wrote:
>>
>>>
>>> Just in the case you have not heard the news of the past week,
>>>
>>> There is a warning issued by the FBI about a potential malware threat to
>>> routers.
>>>
>>>
>>> https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/05/24/the-cybersecurity-202-the-fbi-is-trying-to-thwart-a-massive-russia-linked-hacking-campaign/5b058e921b326b492dd07e55/?utm_term=.3ecb87d65a41
>>>
>>>
>>> While I did try to dig deeper on this over the weekend, I could not
>>> obtain the grimy details.
>>>
>>> But it looks like a sleeper so you might want to do due diligence and
>>> reset your router to clear the ram.
>>>
>>> When I say sleeper, I mean it has yet to perform new duties so it might
>>> not affect anything now.
>>>
>>> I'm clearing all of mine once a day till I find out more. Just a FYI.
>>>
>>>
>>> ...mike/kb8jnm
>>>
>>> _______________________________________________
>>> App_rpt-users mailing list
>>> App_rpt-users at lists.allstarlink.org
>>> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>>>
>>> To unsubscribe from this list please visit
>>> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users and
>>> scroll down to the bottom of the page. Enter your email address and press
>>> the "Unsubscribe or edit options button"
>>> You do not need a password to unsubscribe, you can do it via email
>>> confirmation. If you have trouble unsubscribing, please send a message to
>>> the list detailing the problem.
>>
>>
>