<div dir="auto">They don't make patches for something that hasn't been exploited yet. That's why a day 0 exists.<div dir="auto"><br></div><div dir="auto">This started in 2016...</div><div dir="auto"><br></div><div dir="auto">The affected models are older and I would bet, behind in updates. </div><div dir="auto"><br></div><div dir="auto">Updates don't protect everything, just what was known in the past. 2016 is the past.</div><div dir="auto"><br></div><div dir="auto">A good reason why it's tageted the Linksys, MikroTik, NETGEAR and TP-Link devices is their low update rate. Not the manufacturer, but the consumer.</div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, May 31, 2018, 10:06 JJC <<a href="mailto:cummingsj@gmail.com">cummingsj@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Not entirely correct see inline....<br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 31, 2018 at 10:43 AM, Bryan St Clair <span dir="ltr"><<a href="mailto:bryan@k6cbr.us" target="_blank" rel="noreferrer">bryan@k6cbr.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">It is a threat to anyone who doesn't maintain a strong login credential set and/or who doesn't update firmware. If you do both these, you are very unlikely to have been infected. </div></blockquote><div>Not entirely accurate, there were 0days involved in this.. that means that the threat existed and was being exploited before a patch / firmware update was released.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div dir="auto"> <br></div></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div dir="auto"></div><div dir="auto">No harm in a reboot (for many reasons) however daily may not be needed.</div></div></blockquote><div>Agreed, and a reboot only clears the non-persistent mechanisms. And rest assured mechanisms exist for persistence...</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div dir="auto"><br></div><div dir="auto">Remember, firmware updates patch known vulnerability issues that these malware infections exploit.</div></div></blockquote><div>Correct "known" being the keyword, see comment #1 </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div dir="auto"> </div></div><div class="m_-2056542781993897811HOEnZb"><div class="m_-2056542781993897811h5"><br><div class="gmail_quote"><div dir="ltr">On Thu, May 31, 2018, 08:20 Mike <<a href="mailto:mm@midnighteng.com" target="_blank" rel="noreferrer">mm@midnighteng.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Just in the case you have not heard the news of the past week,<br>
<br>
There is a warning issued by the FBI about a potential malware threat to <br>
routers.<br>
<br>
<a href="https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/05/24/the-cybersecurity-202-the-fbi-is-trying-to-thwart-a-massive-russia-linked-hacking-campaign/5b058e921b326b492dd07e55/?utm_term=.3ecb87d65a41" rel="noreferrer noreferrer noreferrer" target="_blank">https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/05/24/the-cybersecurity-202-the-fbi-is-trying-to-thwart-a-massive-russia-linked-hacking-campaign/5b058e921b326b492dd07e55/?utm_term=.3ecb87d65a41</a><br>
<br>
<br>
While I did try to dig deeper on this over the weekend, I could not <br>
obtain the grimy details.<br>
<br>
But it looks like a sleeper so you might want to do due diligence and <br>
reset your router to clear the ram.<br>
<br>
When I say sleeper, I mean it has yet to perform new duties so it might <br>
not affect anything now.<br>
<br>
I'm clearing all of mine once a day till I find out more. Just a FYI.<br>
<br>
<br>
...mike/kb8jnm<br>
<br>
_______________________________________________<br>
App_rpt-users mailing list<br>
<a href="mailto:App_rpt-users@lists.allstarlink.org" rel="noreferrer noreferrer" target="_blank">App_rpt-users@lists.allstarlink.org</a><br>
<a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer noreferrer noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
<br>
To unsubscribe from this list please visit <a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer noreferrer noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"<br>
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. </blockquote></div>
</div></div><br>_______________________________________________<br>
App_rpt-users mailing list<br>
<a href="mailto:App_rpt-users@lists.allstarlink.org" target="_blank" rel="noreferrer">App_rpt-users@lists.allstarlink.org</a><br>
<a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
<br>
To unsubscribe from this list please visit <a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"<br>
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. <br></blockquote></div><br></div></div>
_______________________________________________<br>
App_rpt-users mailing list<br>
<a href="mailto:App_rpt-users@lists.allstarlink.org" target="_blank" rel="noreferrer">App_rpt-users@lists.allstarlink.org</a><br>
<a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
<br>
To unsubscribe from this list please visit <a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"<br>
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. </blockquote></div>