F.B.I.'s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware
https://mobile.nytimes.com/2018/05/27/technology/router-fbi-reboot-malware.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=first-column-region&region=top-news&WT.nav=top-news
May 27, 2018
Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on.
The malware is capable of blocking web traffic, collecting information that passes through home and office routers, and disabling the devices entirely, the bureau announced on Friday.
A global network of hundreds of thousands of routers is already under the control of the Sofacy Group, the Justice Department said last week. That group, which is also known as A.P.T. 28 and Fancy Bear and believed to be directed by Russia's military intelligence agency, hacked the Democratic National Committee ahead of the 2016 presidential election, according to American and European intelligence agencies.
The F.B.I. has several recommendations for any owner of a small office or home office router. The simplest thing to do is reboot the device, which will temporarily disrupt the malware if it is present. Users are also advised to upgrade the devices' firmware and to select a new secure password. If any remote-management settings are in place, the F.B.I. suggests disabling them.
..more..
PoindexterOglethorpe (25,812 posts)
I'm not aware of having a router, but I do have a modem. It has been rebooted several times in the last couple of years, plus the one I have now was new as of a year or less ago.
IronLionZion (45,380 posts)
you might have a wireless router that connects your wifi devices to your home network. If you only have a modem, then the router would be at your internet service provider, they would have to reboot it on their end.
It can happen to anyone. I'm very careful and have several layers of protection and still managed to get my browser hijacked by a proxy server, which I noticed only because webpages were loading slower than usual.
ksoze (2,068 posts)
Cable routers are what need to be rebooted. For many, this box provides the connection to the internet through their cable provider who is the ISP as well as provides the wireless connections to the local devices at home.
Progressive dog (6,898 posts)
during the March storm. Just checked and fixed now. Fortunately, no internet access to router operation and complex password on wireless access. Thanks
liberalmuse (18,671 posts)
Not sure if it was the Russians. Manually entering my DNS settings appears to have stopped it, but I still check to ensure my DNS settings are correct and scan for malware. I use a Mac. I could tell something was amiss because my devices were slowly loading or failing to connect to pages.
Comcast combos are easy to hijack and the hijack usually happens if your router loses its connection from a brief outage and reboots. Some claim it is actually computer malware, but my mobile devices were affected in a couple instances. Rebooting the router, sometimes multiple times, usually resolves the issue (until they hijack you again). If you see a web address other than your provider's in your DNS settings, like utopia.net, for example, which is the address I was seeing, you are being rerouted to a rogue server.
It's a good idea to up your network security.
LiberalArkie (15,703 posts)
Qutzupalotl (14,285 posts)
forgotmylogin (7,519 posts)
I used to have Charter Spectrum and used my own Apple Airport router. When I switched to AT&T they said "you can't use that" (grrr!!!) and the installer said he'd be happy to put in their thing at no extra cost.
It does what it's supposed to, but the network password is on a sticker on the device and I was told not to change it or "It becomes a tech support problem"... I've never even looked at the setup.
I'd guess AT&T would handle this since it's basically their thing...but I suppose I can just unplug the thing for ten minutes and restart it like I don't know what I'm doing?
Lars39 (26,106 posts)
and name and our wifi is hidden.
forgotmylogin (7,519 posts)
I wonder if it's just scaremongering that they tell you not to mess with it.
Lars39 (26,106 posts)
like he snoops around or something. Not sure what was said to make him suspicious, though.