The FBI has seized control of a Russian botnet that was infecting small office and home routers across the world. The FBI does not know exactly which routers are affected, but routers from Linksys, Cisco, D-Link and others have been confirmed as vulnerable.

The malware, which has so far infected at least 500,000 small office and home office routers in 54 countries, has a destructive capability that can render an infected device unusable.

It can be triggered on individual victim machines or en masse, and could cut off internet access for hundreds of thousands of victims worldwide. It’s linked to the Sofacy Group, aka Fancy Bear and APT 28, a sophisticated cyber-espionage hacking group backed by the Russian military intelligence agency.

To protect your router, the FBI recommends that you:

1. Reboot your router. Unplug it, count to 5 and plug it back in.
2. Change default passwords. Connect to the router using your web browser, usually at https://192.168.16.1, but you may have to find your default gateway by running ipconfig /all from a command prompt.
3. Update the firmware. Log into the router using your web browser (see above) and find the setting to update firmware/software.

Rebooting the router will remove most of the malware, but you will need to change the password (if it is a default password) and update the firmware in order to prevent reinfection.
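For step 2, the default gateway can be picked out of the ipconfig /all output programmatically. The following is an added example, not part of the original advisory; the sample output is constructed, and the function names are hypothetical. It handles the case where Windows lists an IPv6 gateway first and the IPv4 one on an unlabeled continuation line.

```python
import ipaddress
import re

# Constructed, trimmed sample of `ipconfig /all` output (not from a real host).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected

Wireless LAN adapter Wi-Fi:

   IPv4 Address. . . . . . . . . . . : 192.168.16.23(Preferred)
   Default Gateway . . . . . . . . . : fe80::1%12
                                       192.168.16.1
   DHCP Server . . . . . . . . . . . : 192.168.16.1
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")       # unindented section header
FIELD = re.compile(r"^\s+(\S.*?)[ .]*\. :\s*(.*)$")   # "Label . . . : value"

def default_gateways(ipconfig_text):
    """Map each adapter name to the default gateway addresses it reports."""
    gateways, adapter, label = {}, None, None
    for line in ipconfig_text.splitlines():
        header = ADAPTER.match(line)
        if header:
            adapter, label = header.group(1), None
            gateways[adapter] = []
            continue
        field = FIELD.match(line)
        if field:
            label, value = field.group(1), field.group(2)
        elif line.startswith(" ") and line.strip():
            value = line          # continuation line: belongs to the previous label
        else:
            label = None          # blank or unrelated line ends the current field
            continue
        if adapter and label == "Default Gateway" and value.strip():
            # Drop the IPv6 zone id ("%12") before validating the address.
            addr = ipaddress.ip_address(value.strip().split("%")[0])
            gateways[adapter].append(addr)
    return gateways

def router_admin_candidates(ipconfig_text):
    """IPv4 gateways only: the addresses to try in the browser for the router login."""
    found = default_gateways(ipconfig_text)
    return [str(a) for addrs in found.values() for a in addrs if a.version == 4]

if __name__ == "__main__":
    print(router_admin_candidates(SAMPLE))
```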

If you would like to read more about this, click here.