FBI agents take aim at VPNFilter botnet, point finger at Russia, yell 'national security threat'

The FBI says it is taking steps to stop the spread of the VPNFilter malware and botnet, warning that it's a national security issue. The bureau's offensive includes seizing a domain believed to have been used as part of the command and control structure for VPNFilter's 500,000-strong network of infected routers and storage …

  1. onefang Silver badge
    WTF?

    "Removing that second layer will, however, force the device to try and reconnect to the command and control servers. The hope, says the FBI, is that by trying to reconnect the devices will give away the location of those servers, allowing for further takedowns and potentially letting them cripple the botnet entirely."

    So let me get this straight, the FBI wants everyone to paint a big target on their chest that says "REINFECT ME!!", so that the ever watchful FBI agents can see where the bad guys are shooting from? Instead of, oh I dunno, doing that themselves with some of their own routers, coz actually protecting the innocent is a good thing.

  2. sanmigueelbeer Silver badge
    Stop

    FBI is shooting at the wrong people.

    FBI needs to convince the manufacturers (and coders) to push out patches to fix the software. IF they won't then they can be blacklisted from selling their goods on the US market.

    1. Ole Juul Silver badge

      wrong people

      There seems to be a double standard here. If this was a matter of interest to the MPAA or other Hollywood rights organisation, then the router makers would soon be found complicit and blocked from the market. I'm not suggesting they should be, but do think they have more responsibility than they're willing to accept.

    2. msknight Silver badge
      FAIL

      People (like me) won't risk patching their equipment against a potential threat, when the very firmware itself contains a confirmed threat.... Netgear, I'm looking at you with your phone home mac addresses, etc. in your firmware.

      https://www.theregister.co.uk/2017/05/21/netgear_updates_router_with_phone_home_feature/

  3. Anonymous Coward

    Confused

    If you already have the infection, rebooting your router will eliminate part of the process. Attempting to connect to the website won't further compromise your PC. The foolish belief that the MPAA or copyright holders are unreasonable for enforcing their copyright, which is actually required under copyright law, shows a complete lack of understanding of copyright law. Due to digital criminals' unending efforts to compromise hardware, all routers, servers, etc. should have regular firmware updates.

    1. DCFusor Silver badge

      Re: Confused

      Confused are you, indeed.

      It's trademarks that have to be defended to remain valid.

      1. patent

      2. trademark

      3. copyright

      That's three sets of very different law. And that's in the US alone. Some things that can satisfy one or more of those in the US cannot in the EU for example, and in many cases, legally protecting your "eye-pee" in one country doesn't protect it in another (depends on treaties and so on).

      And those with the gold try to make the rules - they almost got DVD Jon jailed even though what he did wasn't illegal in his own country, where he revealed how to get the key from DVDs so we Linux users could actually get what we paid for.

      Are you paid to be that confused? Ah, AC...always a sign someone stands behind what they say.

  4. Voland's right hand Silver badge

    Usual bullshit

    The hope, says the FBI, is that by trying to reconnect the devices will give away the location of those servers,

    So, as a matter of fact, the FBI does not yet know who runs the botnet, but it has already attributed it to a particular very Fancy Bear. There is a Red Under Our Bed. RUN FOR THE HILLS!!!

    1. Richard Wharram

      Re: Usual bullshit

      Fry: Not sure if doesn't understand how attribution works or is shilling for Russia...

      1. Voland's right hand Silver badge

        Re: Usual bullshit

        Not sure if doesn't understand how attribution works or is shilling for Russia...

        I have worked for a CERT amidst other things - so yes, I do understand how attribution works.

        What I see here is not attribution - I see propaganda. On both sides - them claiming it is not them and us blaming them at "state level" using every possible opportunity regardless of how inappropriate.

        This includes clear opportunities to nail them for shit which is much worse than the purported state involvement.

        1. Richard Wharram

          Re: Usual bullshit

          So that sentence you quoted which doesn't give a single clue about how the attribution might have been done led you to that conclusion?

        2. TheVogon Silver badge

          Re: Usual bullshit

          "What I see here is not attribution - I see propaganda."

          There was some commonality in the code that linked it to previous Fancy Bear work. So it's reasonable attribution based on factual evidence.

  5. Chairman of the Bored Silver badge

    Relax.

    In all other respects FBI has had an absolutely horrible week. Let 'em have one uncontested and relatively harmless press release...

  6. Anonymous Coward

    ASUS

    ASUS routers send data back to TrendMicro if you use any of the features listed at the top half of the router's web-based control panel:

    https://www.computerworld.com/article/3194843/internet/asus-router-warnings-on-privacy-and-security.html

    What is also unusual is that every single internet-connected device (including Android tablets, phones, Linux and/or Windows VMs) has AffirmTrust certificates installed once it is connected to the internet and/or updated.

    What brought my attention to this was that on a Windows 7 machine one of these AffirmTrust certificates had the "simple name" of Trend Micro.

    When I contacted Trend Micro they claimed that the certificates were there because I had visited their support website but I could see these AffirmTrust certificates populate on a fresh install of Windows after running Windows updates without using the web browser to view any websites at all.

    Soon after my contact with Trend Micro the simple name field on the AffirmTrust certificates no longer contains the name of Trend Micro and is now blank.

    It was about a month after that when I found the article I linked to in my comments above regarding Trend Micro/ASUS.

    Is there ANY device, app, website out there that is NOT monetizing the user and/or gathering "anonymous" usage data?

    https://routersecurity.org/bugs.php

    Disgusted.
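The observation above (root certificates appearing in the Windows store after updates, and a "simple name" pointing at a vendor) is the kind of thing worth checking rather than guessing at. The script below is an added audit example, not code from the thread, The Register, ASUS or Trend Micro: it enumerates the machine and user root stores, flags entries whose subject, issuer or friendly name matches a pattern, and can snapshot the store so that anything that shows up after a round of Windows Update can be listed. The store paths, the default pattern and the snapshot file path are assumptions for illustration; the "simple name" shown in certmgr is the store's local FriendlyName property, which is metadata attached by Windows, not a field inside the certificate itself, so the Subject is the value to rely on when deciding what a root actually is.

```powershell
# Added audit example (assumed store paths and pattern; not from the thread or any vendor).
# Lists trusted root certificates matching a pattern and which store they live in.
function Get-RootCertMatches {
    param(
        # Assumed default: names the thread discusses; use '.' to list every root.
        [string]$Pattern = 'AffirmTrust|Trend Micro',
        [string[]]$Stores = @(
            'Cert:\LocalMachine\Root',      # roots the machine trusts
            'Cert:\LocalMachine\AuthRoot',  # roots delivered by Windows' automatic root update
            'Cert:\CurrentUser\Root'        # per-user trusted roots
        )
    )
    foreach ($store in $Stores) {
        if (-not (Test-Path $store)) { continue }
        Get-ChildItem -Path $store | Where-Object {
            $_.Subject -match $Pattern -or
            $_.Issuer  -match $Pattern -or
            $_.FriendlyName -match $Pattern
        } | ForEach-Object {
            # New-Object rather than [pscustomobject] so this also runs on PowerShell 2.0 (Windows 7).
            New-Object PSObject -Property @{
                Store        = $store
                Subject      = $_.Subject
                FriendlyName = $_.FriendlyName   # local store metadata, the certmgr "simple name"
                NotAfter     = $_.NotAfter
                Thumbprint   = $_.Thumbprint
                SelfSigned   = ($_.Subject -eq $_.Issuer)
            }
        }
    }
}

# Record every root currently trusted so later additions can be spotted.
function Save-RootCertSnapshot {
    param([string]$Path = "$env:USERPROFILE\root-certs-before.csv")  # assumed location
    Get-RootCertMatches -Pattern '.' | Export-Csv -Path $Path -NoTypeInformation
}

# Show roots present now that were not in the earlier snapshot.
function Compare-RootCertSnapshot {
    param([string]$Path = "$env:USERPROFILE\root-certs-before.csv")
    $known = Import-Csv -Path $Path | ForEach-Object { $_.Thumbprint }
    Get-RootCertMatches -Pattern '.' | Where-Object { $known -notcontains $_.Thumbprint }
}

# Usage:
#   Get-RootCertMatches | Format-Table Store, Subject, FriendlyName, NotAfter -AutoSize
#   Save-RootCertSnapshot            # before running Windows Update
#   Compare-RootCertSnapshot         # afterwards: anything new is listed with its store
```

Roots that appear in `Cert:\LocalMachine\AuthRoot` were placed there by Windows' own root-update mechanism, which is the normal path for a public CA to show up on a fresh install without any browsing; a root in `Cert:\LocalMachine\Root` or `Cert:\CurrentUser\Root` that is not from the OS image is the case that warrants asking which installer or application added it.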

    1. onefang Silver badge

      Re: ASUS

      'Is there ANY device, app, website out there that is NOT monetizing the user and/or gathering "anonymous" usage data?'

      My website isn't, might be why I'm so poor.
