FBI urging public to reboot routers to stop Russian malware

David Louie Image
Tuesday, May 29, 2018
VIDEOS: FBI urging public to reboot routers to stop Russian malware
EMBED <>More Videos

FBI agents say a sophisticated malware system linked to Russia has infected hundreds of thousands of internet routers.

SAN FRANCISCO (KGO) -- The FBI is urging the public to reboot their home routers, the device that is the gateway to the internet for a wide array of electronic devices, due to a major malware attack.

As many as 500,000 devices in 54 countries might be compromised.

The vulnerability is serious because the FBI says the malware, called "VPNFilter," can interrupt internet access, steal information from users, and use the device to spread malware.

The magnitude of the potential damage is growing because of IoT, the Internet of Things.

The number of devices in homes connected to the internet worldwide stands at 23 billion.

IoT started with computers, phones and tablets, but quickly has expanded to include voice-over-internet phone services, doorbells, security camera networks, thermostats, connected home devices such as Alexa, and even refrigerators.

VIDEO: How to reboot your router to avoid malware

Typically, consumer or small business grade routers do not have anti-virus protection. "They're designed to be remotely accessed, so in a sense, these are houses with front doors where they may be locked but they're not locked as securely as we might like them to be because they have to things -- bytes -- in and out," said technology analyst Larry Magid.

Magid tells ABC7 News that rebooting a home router is simple. For most devices, it entails unplugging the device for at least 10 seconds, then plugging it back in, then waiting for 30 seconds to a minute before restarting the device.

However, the FBI is also recommending that users upgrade their firmware and change the password.

Magid says that step will confound a high percentage of people because the router was installed by their internet service provider technician. "A lot of people have no idea what their password is, have no idea how to access the control panel to change their password or update the firm," said Magid.

The FBI has seized, with court approval, a website that appears to be the source of the malware distribution and control. It is suspected to have ties to Russia and, for several years, has been suspected of malicious targeting of sensitive technology used by government, the military, utility companies and others.

David Louie will have more on this developing story on ABC7 News at 6 p.m..

Here is a list of known affected routers, compiled and posted by Symantec:

  • Linksys (models E1200, E2500 & WRVS4400N)
  • Mikrotik RouterOS Versions for Cloud Core Routers (versions 1016, 1036 & 1072)
  • Netgear (models DGN2200, R6400, R7000, R8000, WNR1000 & WNR2000)
  • QNAP (models TS251 & TS439 Pro)
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

VIDEO: Why the FBI wants you to reboot your home internet router