Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

FBI warns public to reboot Wi-Fi routers to counter 'VPNFilter' malware

Roger Fingas |

The FBI is recommending power cycling Wi-Fi routers as a step to counter "foreign cyber actors" seeding malware known as "VPNFilter."

The malicious code can "perform multiple functions, including possible information collection, device exploitation, and blocking network traffic," according to the FBI's Internet Crime Complaint Center. It can potentially render routers inoperable, and is hard to detect due to use of encryption and "misattributable networks."

Rebooting a router won't kill the malware, but will temporarily disrupt it and may help identify affected hardware, the IC3 said. As a further precaution people may want to disable remote management, use original secure passwords, and make sure they've updated to the latest firmware.

Security firm Symantec indicates that activity suggests the target was originally Ukraine, and specifically industrial control systems. The malware "does not appear to be scanning and indiscriminately attempting to infect every vulnerable device globally," Symantec said.

Affected routers and NAS (network-attached storage) devices are known to include:

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

The Justice Department has identified the perpetrators as the "Sofacy Group," which goes by several other names and allegedly targets "government, military, security organizations, and other targets of perceived intelligence value." In trying to defeat VPNFilter, the U.S. has seized a domain associated with a Sofacy botnet.

At present, it does not appear that the AirPort family is affected.

Apple only recently got out of the router market, having let its AirPort line grow stagnant for several years. The company is instead promoting third-party products, particularly the Linksys Velop mesh system.

34 Comments

[Deleted User] 12 Years · 0 comments
About

Plot twist - the FBI has just INSTALLED it's own spyware and it needs a reboot to finalise installation. :wink: :lol: 

SpamSandwich 20 Years · 32917 comments
About

adm1 said:
Plot twist - the FBI has just INSTALLED it's own spyware and it needs a reboot to finalise installation. :wink: :lol: 

Regrettably, that’s just as likely.

4 Likes · 0 Dislikes
leavingthebigg 12 Years · 1291 comments
About

adm1 said:
Plot twist - the FBI has just INSTALLED it's own spyware and it needs a reboot to finalise installation. :wink: :lol: 

I had a similar thought a few days ago when reading about this reboot request on another site. 

seanismorris 9 Years · 1624 comments
About

“Rebooting the router” isn’t a solution.  That’s the best they could come up with?

3 Likes · 0 Dislikes
techpr 17 Years · 15 comments
About

At present, it does not appear that the AirPort family is affected.

Come on Apple. Save US from disaster!!! I will still use my 2 Airports until they die.

10 Likes · 0 Dislikes
Read More on our Forums ->
 

Top Stories

article thumbnail

Blowout deal: M2 Mac mini with 16GB RAM plunges to $499

article thumbnail

New CFO and iPhone holiday sales: What to expect from Apple's Q1 2025 earnings

article thumbnail

Steve Jobs unveiled the first iPhone 18 years ago

article thumbnail

Apple reaffirms privacy as a tentpole feature in Siri after lawsuit settlement

article thumbnail

iPad 11, iPad Air, iPhone SE 4 expected in April, despite January launch rumors

article thumbnail

iPhone SE, M4 MacBook Air & more: What to expect from Apple's loaded first half of 2025

article thumbnail

Price war: Apple's 15-inch MacBook Air 512GB falls to lowest price in 30 days