Your modem could be at risk – again

It is not only US and UK elections that the Russians meddle with; they are also after your router.

Last month the FBI started asking everyone to reboot their routers in order to flush out a virus that the Russians had been sending to modems all over the world.

In the beginning it was thought this was a minor, local and very specific problem that could be sorted by simply rebooting the modem.

However, it has now been discovered that this infection has a much further reach than first imagined and it has been estimated that as many as 500,000 Australian homes and businesses will be at risk.

I know what you are saying to the screen right now… “But I have a Mac and they don’t get viruses!”

Sadly, this is not a matter of Windows and Mac or viruses… but rather the firmware of that little box under your desk or beside the telephone on the kitchen bench, the one with the blinking lights – the modem itself.

But don’t worry, like all things (including presidential elections) there is a fix.

First, we have to see if your modem is even on the radar.

The make and model of the modem is usually on a sticker on the underside of the modem. Have a look and see if it matches any of the makes and models on this list. I will wait here…

Asus

RT-AC66U 

RT-N10 

RT-N10E 

RT-N10U 

RT-N56U 

RT-N66U 

D-Link

DES-1210-08P 

DIR-300 

DIR-300A 

DSR-250N 

DSR-500N 

DSR-1000 

DSR-1000N 

Huawei (often used by Optus and iiNet)

HG8245 

Linksys

E1200

E2500

E3000 

E3200 

E4200 

RV082 

WRVS4400N

Mikrotik

CCR1009 

CCR1016

CCR1036

CCR1072

CRS109 

CRS112 

CRS125 

RB411 

RB450 

RB750 

RB911 

RB921 

RB941 

RB951 

RB952 

RB960 

RB962 

RB1100 

RB1200 

RB2011 

RB3011 

RB Groove 

RB Omnitik 

STX5 

Netgear (very common in Australia)

DG834 

DGN1000 

DGN2200

DGN3500 

FVS318N 

MBRN3000 

R6400

R7000

R8000

WNR1000

WNR2000

WNR2200 

WNR4000 

WNDR3700 

WNDR4000 

WNDR4300 

WNDR4300-TN 

UTM50 

QNAP

TS251

TS439 Pro

TP-Link

R600VPN

TL-WR741ND 

TL-WR841N 

Ubiquiti

NSM2 

PBE M5 

ZTE

ZXHN H108N 

So, if you find you are on the list, don’t panic… it doesn’t mean you HAVE been infected.

The next step is to run a little tool from Symantec that will test your modem and tell you if in fact you have been hacked. I’d suggest a stiff drink on hand, just in case.

The tool in question can be found here:

http://www.symantec.com/filtercheck/

So, what to do if you have the all clear? Have that drink, and make a note to upgrade the firmware on your modem. You can do this yourself or via your telco, or give us a call and we’ll arrange a visit.

What to do if you are infected? Turn off the modem. Have that drink (and maybe another) and give us a call.

From here your modem needs to be erased and set up again, and its firmware updated. Unfortunately this can be a rather painful experience, as all your wireless devices will need to be reconnected to the network, but it’s the only way to be sure that the infection is removed and doesn’t come back… until the next backdoor is found, that is.

Good luck.

Permanent link to this article: https://macservicesact.com.au/your-modem-could-be-at-risk-again/

3 comments

    • John Martin on July 18, 2018 at 9:45 PM

    Renny hi

    Just a quick note to say thank you for this warning and every other one you post – along with the good advice….

    Cheers

    John Martin
    Upton Martin Consulting

    • Aart Groothuis on July 19, 2018 at 10:01 AM

    Hi Renny,
    I guess that your latest post will be creating some mail traffic.
    My question is what does this virus do when you have got it?
    I think we have escaped. We have an iiNet provided HG658.
    Thank you for your vigilance and good work.
    Aart

    1. Basically it steals data
