
FBI Is Wrong: All Routers Need to Be Reset, What to Do - pwagenseil
https://www.tomsguide.com/us/russian-router-malware,news-27288.html
======
snowy
This article is wrong. It states: "MicroTik Cloud Core routers, mainly used by
enterprises, may be affected if they run versions 1016, 1036 or 1072 of the
MicroTik RouterOS."

Those are model numbers, not firmware versions. He lifted that from this Krebs
article ([https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-r...](https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/))
which is also wrong.

All Mikrotik products running less than version 6.38.5 are vulnerable:
[https://forum.mikrotik.com/viewtopic.php?t=134776](https://forum.mikrotik.com/viewtopic.php?t=134776)

It makes me wonder what else is wrong....

------
AboutTheWhisles
Where did this title come from? This isn't what the article says.

~~~
jsiepkes
Probably from the fact that the FBI previously said a reboot of your router
was enough. Apparently it isn't.

~~~
rdiddly
Rebooting is enough to get rid of stages 2 and 3, if present. To get rid of
stage 1, you have to factory reset, and preferably overwrite the firmware too,
even if it's already up-to-date.

More helpful than TFA or the FBI's announcements was this blog post, already
featured on HN at least once and linked by commenters probably multiple times:

[https://blog.talosintelligence.com/2018/05/VPNFilter.html](https://blog.talosintelligence.com/2018/05/VPNFilter.html)

