Your home router may not be safe: VPNFilter malwar

Status
Not open for further replies.
Wonder if my doorstop G-router (with no WLAN security whatsoever) is vulnerable ...
 
Makes me wonder just how bad my near new At&T router is going to be with this, or if I should pick up my own router soon.....
 
Originally Posted By: OVERKILL
Originally Posted By: alarmguy


Again, don't get me wrong, I'm big on security, but this is a small issue right now.



Yes, it is presently small, but the company that discovered it was concerned enough to release the information I provided in the OP.

I think really, that this brings into focus the bigger issue at play here, which is the rot-on-the-vine approach many of these companies take with the support for their devices, which is what allows this sort of thing to spread in the first place.

There are hundreds of known vulnerabilities in consumer router firmware from various manufacturers that will likely never be patched because that product is no longer "current". On top of that, even for devices that are, most require manual updating, a process which most consumers are in no way familiar with.

This creates an environment that's conducive to developing this kind of malware, as you are dealing with known vulnerabilities managed by a user base that is predominantly clueless.


I don't disagree with you, but EVERYTHING is hackable. No such thing as 100% secure, every single institution is hacked sooner or later, including the highest levels of government with the most robust protection systems in the world.

I found your link VERY interesting and in it, it makes very clear the hack was from Photobucket. If I understand it correctly, the hacks used Photobucket to load the malware into. Once again, it is the USER who downloaded the malware into their system.
Just like almost any hack, someone has to download it into your system.
This was using Photobucket downloads to load it into your router.

Anyway, I do agree with you, but I won't blame router companies etc. Anything to do with the Internet and protection from attacks is like a huge umbrella as far as security, trying to stop every single raindrop from getting through, but there is always one, and there is ALWAYS someone who folds up the umbrella and makes a dash for it out of the rain hoping not to get wet.

 
Originally Posted By: alarmguy

I don't disagree with you, but EVERYTHING is hackable. No such thing as 100% secure, every single institution is hacked sooner or later, including the highest levels of government with the most robust protection systems in the world.


Sure, everything is potentially hackable, given the resources to discover the vulnerabilities. The difference here of course is that the devices in question are known-vulnerable, so that portion of it is already taken care of, and despite that fact, they haven't been patched.

Originally Posted By: alarmguy
I found your link VERY interesting and in it, it makes very clear the hack was from Photobucket. If I understand it correctly, the hacks used Photobucket to load the malware into. Once again, it is the USER who downloaded the malware into their system.


Nope, give it another go-over, as indicated in the OP, they do not know, presently, how the stage 1 infection is getting onto the devices.

Once Stage 1 is installed:

Originally Posted By: TALOS
VPNFilter's stage 1 malware infects devices running firmware based on Busybox and Linux, and is compiled for several CPU architectures. The main purpose of these first-stage binaries is to locate a server providing a more fully featured second stage, and to download and maintain persistence for this next stage on infected devices. It is capable of modifying non-volatile configuration memory (NVRAM) values and adds itself to crontab, the Linux job scheduler, to achieve persistence.


Once it is initialized, it, not the user, connects to Photobucket (and another source if that fails) and downloads a photo, using the EXIF information to obtain a server IP address as to where it can download Stage 2:

Originally Posted By: TALOS
Once the malware has completed initialization, it starts to download pages from the seed URLs. In the MIPS sample cache and all but one URL of the x86 sample, the URLs pointed to Photobucket.com, an image-sharing host. The malware downloads the first image from the gallery the URL is referencing, and then proceeds to extract the download server's IP address. The IP address is extracted from six integer values for GPS latitude and longitude in the EXIF information.


If it can't get to Photobucket, it connects to the other backup domain:

Originally Posted By: TALOS
If stage 1 fails to connect to, download an image from, or successfully acquire an IP address via an image from Photobucket, the malware reaches out to a backup domain, toknowall[.]com, to download an image and attempt the same process.


If that fails, it goes into listener mode, waiting for a trigger packet which will carry the updated IP address information as to where it can grab Stage 2:

Originally Posted By: TALOS
If the attempt to the backup domain fails, stage 1 opens a listener that waits for a specific trigger packet to open a connection for the actor to connect interactively to the device. When the listener opens, it checks its public IP from api.ipify[.]org and stores it for later comparison. Then, when any packet arrives on any port, the listener performs a series of checks to identify a trigger packet. If the packet meets a predefined set of criteria, it will extract an IP address from the packet and attempt a stage 2 download.




If this was user-initiated, it wouldn't carry the significance it does.
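A defender-side triage check for the EXIF trick Talos describes, added here as an example that is not from the original post or from Talos: it walks the GPS IFD of a TIFF/EXIF blob (the payload of a JPEG APP1 segment; the sample blobs are constructed in the code) and flags latitude/longitude values that cannot describe a real location. The out-of-range heuristic is this example's own assumption, not the actual VPNFilter decoding rule, which the thread does not give.

```python
import struct

GPS_IFD_TAG, GPS_LAT, GPS_LON, TYPE_RATIONAL = 0x8825, 0x0002, 0x0004, 5


def build_exif(lat, lon):
    """Construct a minimal little-endian TIFF/EXIF blob (the payload of a JPEG APP1
    Exif segment) whose GPS IFD holds latitude and longitude as three RATIONAL
    (numerator, denominator) pairs each. Constructed sample data for this example."""
    ifd0_off = 8                              # IFD0 follows the 8-byte TIFF header
    gps_off = ifd0_off + 2 + 12 + 4           # IFD0: count, one entry, next-IFD pointer
    data_off = gps_off + 2 + 2 * 12 + 4       # GPS IFD: count, two entries, next-IFD pointer
    out = b"II*\x00" + struct.pack("<I", ifd0_off)
    out += struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, gps_off, 0)   # LONG pointer to GPS IFD
    out += struct.pack("<H", 2)
    out += struct.pack("<HHII", GPS_LAT, TYPE_RATIONAL, 3, data_off)
    out += struct.pack("<HHII", GPS_LON, TYPE_RATIONAL, 3, data_off + 24)
    out += struct.pack("<I", 0)
    for num, den in list(lat) + list(lon):
        out += struct.pack("<II", num, den)
    return out


def read_ifd(blob, off, end):
    """Return {tag: (type, count, value_or_offset)} for the IFD at `off`."""
    (n,) = struct.unpack_from(end + "H", blob, off)
    entries = [struct.unpack_from(end + "HHII", blob, off + 2 + 12 * i) for i in range(n)]
    return {tag: (typ, cnt, val) for tag, typ, cnt, val in entries}


def gps_rationals(blob):
    """Extract GPSLatitude and GPSLongitude as [[(num, den) x3], [(num, den) x3]],
    or None when the blob has no well-formed GPS IFD carrying both tags."""
    end = {b"II": "<", b"MM": ">"}.get(blob[:2])
    if end is None:
        return None
    try:
        ifd0 = read_ifd(blob, struct.unpack_from(end + "I", blob, 4)[0], end)
        if GPS_IFD_TAG not in ifd0:
            return None
        gps = read_ifd(blob, ifd0[GPS_IFD_TAG][2], end)
        result = []
        for tag in (GPS_LAT, GPS_LON):
            if tag not in gps or gps[tag][0] != TYPE_RATIONAL or gps[tag][1] != 3:
                return None
            off = gps[tag][2]
            result.append([struct.unpack_from(end + "II", blob, off + 8 * i) for i in range(3)])
    except struct.error:                      # truncated or malformed structure
        return None
    return result


def flag_suspicious_gps(blob):
    """Assumed triage heuristic (not the real VPNFilter decoding rule): genuine GPS tags
    describe a point on Earth, so latitude above 90, longitude above 180, minutes or
    seconds of 60 or more, or a zero denominator suggests data rather than a location."""
    parsed = gps_rationals(blob)
    if parsed is None:
        return False
    for (deg, mins, secs), limit in zip(parsed, (90, 180)):
        if any(den == 0 for _, den in (deg, mins, secs)):
            return True
        if deg[0] / deg[1] > limit or mins[0] / mins[1] >= 60 or secs[0] / secs[1] >= 60:
            return True
    return False
```

An encoding that keeps every value within geographic range would pass unnoticed, so treat this as a triage aid for images an infected device was seen fetching rather than a detector.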
 
Originally Posted By: MONKEYMAN
Just replaced an old Netgear router with a TP-Link. When it comes to security it seems nothing is secure.


There are some well-maintained, reasonably inexpensive firewalls out there that are typically immune to these sorts of things and if they aren't, are quickly patched.

Some examples:
- DELL SonicWall series
- SOPHOS XG 85
- Check Point 700-series appliances
- Fortinet Fortigate Entry-level series


You can also pick up some more expensive options used on eBay like a Cisco ASA or Juniper SSG, but there's a bit of a learning curve to the configuration (though the ASA has a GUI and is thus easier to set up than an ISR), which is why I tend to recommend the SonicWall and similar to those looking to replace a typical consumer-grade device.
 
If this infection does happen, I wonder if any anti-virus / anti-malware programs will detect an attack on the computer?

There must be some way to detect infection activity and stop it ASAP.
 
Originally Posted By: ZeeOSix
If this infection does happen, I wonder if any anti-virus / anti-malware programs will detect an attack on the computer?

There must be some way to detect infection activity and stop it ASAP.


Only the stage 2 and stage 3 infections MIGHT go after devices connected to the network. Something running inside your network would have no way of knowing that the WAN-side of your router is being targeted. So software running on your internal devices is useless in terms of potential mitigation of the threat to the WAN-facing device.
 
Originally Posted By: JustinH
Interesting, just got rid of my tplink router, and have an asus with DD-WRT, patched to the 4/2018 release.


Your TP-Link wasn't one of the routers mentioned.
 
Originally Posted By: MONKEYMAN
Just replaced an old Netgear router with a TP-Link. When it comes to security it seems nothing is secure.


It doesn't matter, your TP-Link was NOT an affected router.

Sometimes we need (for our own good) to read the factual information. I noticed the TP-Link comments in here, and I am sure it goes for other routers, and I am sure again that other routers not even mentioned are affected.

Only one known TP-Link router was affected, and I can say for 100% sure no one in this forum has ever had one, never will, or even knows it exists.
The TP-Link model affected is the TP-Link SafeStream TL-R600VPN.

Compare the above to the Netgear and Linksys routers affected, and I can say 100% for sure someone here is using them.

Here is the full list as posted in the link from Overkill:

"Given our observations with this threat, we assess with high confidence that this list is incomplete and other devices could be affected."

LINKSYS DEVICES:

E1200
E2500
WRVS4400N

MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS:

1016
1036
1072

NETGEAR DEVICES:

DGN2200
R6400
R7000
R8000
WNR1000
WNR2000

QNAP DEVICES:

TS251
TS439 Pro

Other QNAP NAS devices running QTS software

TP-LINK DEVICES:

R600VPN

Again, not at all discounting any security threat, always smart to be prudent but the fact is a hacker is not looking to invade your home computer in this way.
Business systems sure, maybe, but as a homeowner you're not at all worth the money and time spent for a possible little return.
When hackers go after homeowners, they are a dime a dozen, the people who willingly click on links and give out personal information; they do not even need to be hacked until they willingly give up the information!

PS: disclosure, I am in no way an expert on any of this, but if the average homeowner would just be careful they would be safe; router hacks are not coming after you. Again, be smart no matter what kind of router you have, also keep the firmware updated, or just throw it out and get a new one.
 
Originally Posted By: alarmguy


It doesn't matter, your TP-Link was NOT an affected router.



The list was indicated as being incomplete. We really don't know the scope of the affected devices yet at this point. I'd say exercising caution regardless is prudent, making sure your device is up-to-date regardless of whether it is on the list or not. Anything based on Linux and BusyBox is potentially vulnerable.


Originally Posted By: alarmguy
Again, not at all discounting any security threat, always smart to be prudent but the fact is a hacker is not looking to invade your home computer in this way.
Business systems sure, maybe, but as a homeowner you're not at all worth the money and time spent for a possible little return.
When hackers go after homeowners, they are a dime a dozen, the people who willingly click on links and give out personal information; they do not even need to be hacked until they willingly give up the information!

PS: disclosure, I am in no way an expert on any of this, but if the average homeowner would just be careful they would be safe; router hacks are not coming after you. Again, be smart no matter what kind of router you have, also keep the firmware updated, or just throw it out and get a new one.


This software, and malware like it, is developed to be hands-off. It isn't "a hacker" targeting a user like they might target a specific business that is an "of significant value" target. The primary purpose for much of the stuff that goes after home users is to get usernames and passwords as well as personal information like credit card numbers that go into a big database that can be sold or for the purposes of identity theft.

Most of the garbage that ends up on home user computers isn't targeted period. It's software that is almost entirely autonomous that creates botnets that can be manipulated/instructed in whole or in part via a single manageability platform, which has, historically, been IRC. These bots can data mine, be used for DDOS, perform cryptomining and a wide variety of other tasks.
 
Thanks Alarm Guy. I retired the Netgear R6400 after the family member in my hacked thread allowed someone to remote control her computer. So the TP Link looks safe, but I still have the same family member operating a newly configured computer. I need a patch for that.
 
Originally Posted By: OVERKILL
Originally Posted By: alarmguy


It doesn't matter, your TP-Link was NOT an affected router.



The list was indicated as being incomplete. We really don't know the scope of the affected devices yet at this point. I'd say exercising caution regardless is prudent, making sure your device is up-to-date regardless of whether it is on the list or not. Anything based on Linux and BusyBox is potentially vulnerable.


Originally Posted By: alarmguy
Again, not at all discounting any security threat, always smart to be prudent but the fact is a hacker is not looking to invade your home computer in this way.
Business systems sure, maybe, but as a homeowner you're not at all worth the money and time spent for a possible little return.
When hackers go after homeowners, they are a dime a dozen, the people who willingly click on links and give out personal information; they do not even need to be hacked until they willingly give up the information!

PS: disclosure, I am in no way an expert on any of this, but if the average homeowner would just be careful they would be safe; router hacks are not coming after you. Again, be smart no matter what kind of router you have, also keep the firmware updated, or just throw it out and get a new one.


This software, and malware like it, is developed to be hands-off. It isn't "a hacker" targeting a user like they might target a specific business that is an "of significant value" target. The primary purpose for much of the stuff that goes after home users is to get usernames and passwords as well as personal information like credit card numbers that go into a big database that can be sold or for the purposes of identity theft.

Most of the garbage that ends up on home user computers isn't targeted period. It's software that is almost entirely autonomous that creates botnets that can be manipulated/instructed in whole or in part via a single manageability platform, which has, historically, been IRC. These bots can data mine, be used for DDOS, perform cryptomining and a wide variety of other tasks.


I agree with you, it pays to be prudent.
My posts were for those who are panicking, thinking they might have this or that router or this brand or not.

As stated, the list is not complete, therefore it doesn't matter what router anyone has out of the thousands out there. Even though the posts by one or two people mentioned that they have a TP-Link, which was mentioned in the article you posted, I wanted to reassure them that they are just as safe with the TP-Link router they have as with any other router, as only one TP-Link router was mentioned and that model is not even a commonly used router (if at all) that a homeowner would use.
Add to the above, if you do have one of the affected routers, and I will say I would not be happy about it, I am sure, if it's a modern one, you will be able to update the firmware; YET the FBI or whoever is saying a simple reboot will take care of the issue. Again, I'm not as up to date as you, just posting for those who may have a TP-Link router; the model number listed isn't really a commonly used home router. Much worse for Netgear and others.
 
Originally Posted By: MONKEYMAN
Thanks Alarm Guy. I retired the Netgear R6400 after the family member in my hacked thread allowed someone to remote control her computer. So the TP Link looks safe, but I still have the same family member operating a newly configured computer. I need a patch for that.



The biggest danger to internet security is ALWAYS ourselves or "family" members who go to rogue websites, download or open files contained in emails, etc.
Nothing urgent ever comes in an email and that is where people are fooled into clicking.

In fact, almost every major breach has been someone opening an attachment, and it DOES at times take down entire companies, sometimes for days, or cities like Atlanta.
 
Originally Posted By: alarmguy

I agree with you, it pays to be prudent.
My posts were for those who are panicking, thinking they might have this or that router or this brand or not.

As stated, the list is not complete, therefore it doesn't matter what router anyone has out of the thousands out there. Even though the posts by one or two people mentioned that they have a TP-Link, which was mentioned in the article you posted, I wanted to reassure them that they are just as safe with the TP-Link router they have as with any other router, as only one TP-Link router was mentioned and that model is not even a commonly used router (if at all) that a homeowner would use.


I know what you are saying
I guess we approach these things from opposed positions. I read something like this and I assume any device running the affected software is vulnerable, regardless of whether it is on the list or not until there is proof to the contrary.

Originally Posted By: alarmguy
Add to the above, if you do have one of the affected routers, and I will say I would not be happy about it, I am sure, if it's a modern one, you will be able to update the firmware; YET the FBI or whoever is saying a simple reboot will take care of the issue. Again, I'm not as up to date as you, just posting for those who may have a TP-Link router; the model number listed isn't really a commonly used home router. Much worse for Netgear and others.


A reboot will wipe out any Stage 2 infection, as it does not persist. Since the FBI has taken down the primary Stage 2 server, I think they are assuming that this will mostly work to mitigate reinfection. Of course the 3rd mode, listener, will still remain active, as a reboot does NOT eliminate a Stage 1 infection, so in theory a series of "magic packets" with an updated Stage 2 server could be seeded to update these infected devices, giving them an active Stage 2 infection again. And of course there's also the possibility that an updated version of the malware ships with a revised Stage 2 location query.
 
Originally Posted By: alarmguy
Originally Posted By: MONKEYMAN
Thanks Alarm Guy. I retired the Netgear R6400 after the family member in my hacked thread allowed someone to remote control her computer. So the TP Link looks safe, but I still have the same family member operating a newly configured computer. I need a patch for that.



The biggest danger to internet security is ALWAYS ourselves or "family" members who go to rogue websites, download or open files contained in emails, etc.
Nothing urgent ever comes in an email and that is where people are fooled into clicking.

In fact, almost every major breach has been someone opening an attachment, and it DOES at times take down entire companies, sometimes for days, or cities like Atlanta.


Yes, the biggest vulnerability is always positioned between the chair and the screen
 
Originally Posted By: OVERKILL
Originally Posted By: alarmguy
Originally Posted By: MONKEYMAN
Thanks Alarm Guy. I retired the Netgear R6400 after the family member in my hacked thread allowed someone to remote control her computer. So the TP Link looks safe, but I still have the same family member operating a newly configured computer. I need a patch for that.



The biggest danger to internet security is ALWAYS ourselves or "family" members who go to rogue websites, download or open files contained in emails, etc.
Nothing urgent ever comes in an email and that is where people are fooled into clicking.

In fact, almost every major breach has been someone opening an attachment, and it DOES at times take down entire companies, sometimes for days, or cities like Atlanta.


Yes, the biggest vulnerability is always positioned between the chair and the screen




What we used to call an "eye dee ten tee" error (ID10T)

 
Originally Posted By: BeerCan
Originally Posted By: OVERKILL
Originally Posted By: alarmguy
Originally Posted By: MONKEYMAN
Thanks Alarm Guy. I retired the Netgear R6400 after the family member in my hacked thread allowed someone to remote control her computer. So the TP Link looks safe, but I still have the same family member operating a newly configured computer. I need a patch for that.



The biggest danger to internet security is ALWAYS ourselves or "family" members who go to rogue websites, download or open files contained in emails, etc.
Nothing urgent ever comes in an email and that is where people are fooled into clicking.

In fact, almost every major breach has been someone opening an attachment, and it DOES at times take down entire companies, sometimes for days, or cities like Atlanta.


Yes, the biggest vulnerability is always positioned between the chair and the screen




What we used to call an "eye dee ten tee" error (ID10T)




Yup, there are a few of them, another was PEBKAC
 
Originally Posted By: OVERKILL
Yup, there are a few of them, another was PEBKAC



Is this the meaning? Problem exists between keyboard and chair. If so, I can relate.
 
Originally Posted By: MONKEYMAN
Originally Posted By: OVERKILL
Yup, there are a few of them, another was PEBKAC



Is this the meaning? Problem exists between keyboard and chair. If so, I can relate.


Yup!
 