More that 500,000 routers in over 50 counties have been infected with malware that originated from Russian sources, say the FBI.
The malware has infected home and small business routers made by Linksys, Netgear, QNAP, TP-Link and Mikrotik.
The malware has been linked to Russian government hactivist’s, Reuters have suggested the Ukraine was the likely target of the attack.
Essentially the malware has the capability to record any information that passed through the router, it also contained code to destroy the router on command, presumably to prevent the malware being found.
Once a device is infected, the malware downloads additional code into memory to perform the packet recording. If this download fails, the malware awaits individual commands from the control server.
Cisco initially suggested performing a factory reset on the devices to erase the malware and return to a clean operating system. The FBI have later updated their advice to simply reboot the devices, this clears out the temporary code from RAM but leaves the initial malware in place, this will attempt to re-download the additional components from servers now under the control of the FBI. When this fails the malware will simply listen for commands from the C&C servers.
The American Justice Department statement.Â
Even if your router is not one of the models listed, it might be a good idea to perform a power cycle (power off, power on) of your device, and Cisco have advised that all SOHO (Small Office/Home Office) routers and NAS devices are cycled in this way to disrupt the malware.
Leave a Comment