writes: But you need to reset your router and change your passwords.
From Dominic Gwinn at wonkette:
Yesterday the DOJ announced that the FBI had taken control of a major server in a Kremlin-linked Russian botnet that has infected 500,000 home and office routers in 54 countries. Computer nerds and authorities believe this to be one of the missing pieces in the 2016 DNC hacking puzzle, and are urging people to reset both their home and office routers.
Known as VPNFilter, the malware infected routers from Linksys, MikroTik, NETGEAR, and TP-Link. (Yep, one of those is your router!) Once installed, the malware could quietly download add-ons that allow attackers to spy on incoming and outgoing Internet traffic, steal website credentials, and brick (AKA: kill) any infected hardware.
The FBI, DOJ, and nerds are recommending people immediately reset routers to wipe out potential infections, as well as installing firmware and software updates, and changing your passwords.
Some more detail, from
Both Cisco and Symantec are advising users of any of these devices to do a factory reset, a process that typically involves holding down a button in the back for five to 10 seconds. Unfortunately, these resets wipe all configuration settings stored in the device, so users will have to reenter the settings once the device restarts. At a minimum, Symantec said, users of these devices should reboot their devices. That will stop stages 2 and 3 from running, at least until stage 1 manages to reinstall them.
Users should also change all default passwords, be sure their devices are running the latest firmware, and, whenever possible, disable remote administration. (Netgear officials in the past few hours started advising users of "some" router models to turn off remote management. TP-Link officials, meanwhile, said they are investigating the Cisco findings.
There's no easy way to determine if a router has been infected. It's not yet clear if running the latest firmware and changing default passwords prevents infections in all cases. Cisco and Symantec said the attackers are exploiting known vulnerabilities, but given the general quality of IoT firmware, it may be possible the attackers are also exploiting zeroday flaws, which by definition device manufacturers have yet to fix.