VPNFilter Router Malware (Notice 2018-007)

This is a Fast-Air Tech Talk security notice. The Tech Talk security notice is a free service for all Fast-Air customers. Please suggest security notice topics.

In the news are reports of malware known as VPNFilter that is designed to infect routers. Estimates of infected routers range from 500,000 to 1 million devices. The malware is designed to steal information and can permanently destroy a router when commanded. While certain types of routers have been targeted, any router should be considered a potential target.

The command and control servers for the malware have been seized, which should for now stop the malware from doing possible damage.

Owners of a router, whether at home or business, are being urged to power down or reboot their device to purge most of the malware. Powering down or rebooting does not fully purge the malware, but with the command and control servers seized, the malware is rendered ineffective.

Many routers do not come with a power switch. To power down such a router, pull the power cube converter from the wall receptacle or the related jack on the router. Wait for at least 30 seconds before restoring power.

A soft reboot is possible with all routers by using the web browser interface.

Powering down or a soft reboot is recommended for non-technical users rather than restarting with the built-in push-button reset switch. The push-button reset switch is recessed and typically requires a pen or pencil tip to press.

To fully purge the malware from an infected router requires a full hardware reset, which means pressing the built-in push-button reset switch for the time recommended by each vendor. Be aware that a full hardware reset erases all configuration in the router and might not be advisable for many non-technical users. Perform a full hardware reset only after backing up the configuration so that it can be restored afterwards.

Detecting whether a router is infected is difficult for most users. How routers are being infected is unknown. Further precautions include:

  1. Disable remote management access.
  2. Ensure the firmware is updated.
  3. Change the default login administration password.
  4. Use a pass phrase with all wireless configurations.
  5. Disable SSH access on the remote (WAN) side.
  6. Disable Telnet access on the remote (WAN) side.
  7. Disable UPnP.
  8. Disable WPS.
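The checklist above can be partly confirmed from inside the network. The following script is an added example, not part of the Fast-Air notice: run from a computer on the router's LAN, it checks whether the router answers on the usual SSH, Telnet and web-interface ports and whether it responds to a UPnP (SSDP) discovery, then maps what it finds back to the numbered items. The router address `192.168.1.1` is a constructed placeholder; substitute your own. Note the caveat built into the script: a test from the LAN only shows LAN-side services, and "remote side" exposure (items 1, 5 and 6) can only be truly verified from outside the network, for example over a mobile connection.

```python
"""LAN-side self-audit of a home router against the VPNFilter precautions.

Added example, not part of the Fast-Air notice. Assumes it is run from a
machine inside the router's LAN and given the router's LAN address
(192.168.1.1 is a constructed placeholder). It reports which management
services the router answers on from the LAN; WAN ("remote") side exposure
must be checked from outside the network.
"""
import socket
import sys
from typing import Dict, List

# Management services worth confirming, keyed by TCP port.
MANAGEMENT_PORTS: Dict[int, str] = {
    22: "SSH",
    23: "Telnet",
    80: "HTTP web interface",
    443: "HTTPS web interface",
    8080: "alternate HTTP web interface",
}
# Checklist item each remote-login service belongs to.
ITEM_FOR_PORT: Dict[int, int] = {22: 5, 23: 6}

SSDP_ADDR = ("239.255.255.250", 1900)
SSDP_MSEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 1\r\n"
    "ST: upnp:rootdevice\r\n\r\n"
).encode("ascii")


def tcp_port_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """Return True if the router accepts a TCP connection on `port`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def router_answers_ssdp(router_ip: str, timeout: float = 2.0) -> bool:
    """Send one SSDP M-SEARCH and report whether the ROUTER answers (item 7).

    Other LAN devices (TVs, media players) also answer SSDP, so replies are
    filtered to the router's own address.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.settimeout(timeout)
    try:
        sock.sendto(SSDP_MSEARCH, SSDP_ADDR)
        while True:  # read replies until the timeout fires
            data, (src_ip, _) = sock.recvfrom(2048)
            if src_ip == router_ip and data.startswith(b"HTTP/1.1 200"):
                return True
    except OSError:
        return False
    finally:
        sock.close()


def assess(open_ports: List[int], router_upnp: bool) -> List[str]:
    """Map observed services to checklist items (pure function, so testable)."""
    findings: List[str] = []
    for port in sorted(open_ports):
        name = MANAGEMENT_PORTS.get(port)
        if port in ITEM_FOR_PORT:
            findings.append(f"item {ITEM_FOR_PORT[port]}: {name} (tcp/{port}) is reachable from the LAN")
        elif name is not None:
            # The LAN-side web interface is expected (it is how a soft reboot
            # is done); the point of item 1 is that it must not face the WAN.
            findings.append(f"item 1: {name} (tcp/{port}) is reachable from the LAN; confirm remote management is off")
    if router_upnp:
        findings.append("item 7: the router answered SSDP, so UPnP is still enabled")
    return findings


def audit(router_ip: str) -> List[str]:
    """Probe the router and return the list of findings."""
    open_ports = [p for p in MANAGEMENT_PORTS if tcp_port_open(router_ip, p)]
    return assess(open_ports, router_answers_ssdp(router_ip))


if __name__ == "__main__":
    ip = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # constructed default
    for line in audit(ip) or ["no management services reachable from the LAN"]:
        print(line)
```

Items 2, 3, 4 and 8 (firmware version, admin password, wireless passphrase, WPS) cannot be checked from the network without logging in, so they are left to the router's web interface.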

Latest posts by Backwoods Geek