
This is the VPN filter malware threat "MEGA-THREAD".

ANSWERED
Connection Expert

Re: Checking current Firmware (if necessary)

AFAIK, not yet.




I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit from the conversation.

New Poster

Re: Checking current Firmware (if necessary)

Here’s what I received via the @ComcastCares Twitter DM:

“The vast majority of Comcast-provided gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed. -DL”
Frequent Visitor

VPNFilter

I have read the boards that relate to VPNFilter. I see very little, if any, responses to questions regarding the malware and Comcast routers. What good are the "communities" if Comcast never answers questions?

Frequent Visitor

Re: This is the VPN filter malware threat "MEGA-THREAD".

Except for a few "Expert" comments, I have not seen any response from Comcast on this matter.

Problem Solver

Re: This is the VPN filter malware threat "MEGA-THREAD".

I don't expect any definitive statement from Comcast is forthcoming, for the simple reason that more information is being uncovered about VPNFilter as we speak.

 

The latest from Cisco's Talos Intelligence group:

 

https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

 

In a nutshell, a new Stage 3 exploit was discovered, and more affected devices were found. But importantly for this forum - 

 

No Comcast leased gateways have yet been found to be affected. 

 

Stay tuned.

 



<<<< "Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman >>>>
New Poster

Re: Checking current Firmware (if necessary)


@Chapman8tor wrote:
Here’s what I received via the @ComcastCares Twitter DM:

“The vast majority of Comcast-provided gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed. -DL”

Thanks for sharing.

New Poster

Xfinity router safety?

I would like to know if my Xfinity WI-FI router is affected by the Wi-Fi router-killing malware known as VPNFilter...thank you...

New Poster

VPN Filter Malware

Are the Xfinity routers at risk of infection from the VPN filter malware that is in the news?

Frequent Visitor

Re: VPNFilter security threat

https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

 

This article will make you feel warm and fuzzy....

 

Comcast / Xfinity "Home Security" routers (WNR 1000) is on this list....

 

 

Administrator

Re: This is the VPN filter malware threat "MEGA-THREAD".

The vast majority of Comcast-provided residential and business gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed.



I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: Product, Support, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Problem Solver

Re: VPNFilter security threat


@tinamclair wrote:

https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

 

This article will make you feel warm and fuzzy....

 

Comcast / Xfinity "Home Security" routers (WNR 1000) is on this list....

 


Unlikely that's the Comcast version. The router would have to advertise itself as such to the backdoor domain seized by the FBI, (that's how Talos identifies the affected devices) and the sidecar Home Security router is not facing the internet.

 

Plus, it's running proprietary Comcast firmware, which isn't vulnerable to the malware. If it were, other Comcast gateways would also show up, and they haven't. 



<<<< "Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman >>>>
New Poster

Gateway Firmware Update

With all the talk of Russian hacking modems and routers, I was wondering if Xfinity is updating its gateway firmware to mitigate this situation. There are three levels to the hacking attack and rebooting the gateway does not eliminate all three. Does anyone have any definitive information? Thanks.

Frequent Visitor

Re: Over 500,000 home routers hacked, are we safe?

I filed with the FCC on this issue and so far 5 people cannot assure me that my device on that list for my home "Security" is safe.

 

They told me so far to "Buy another device" i.e. Firewall to place between their device and MY network....

 

I have asked "What method of "Secure" communication that the router speaks through MY network to their network"

 

So far no one CAN or WILL answer this question.

 

I do NOT feel warm and fuzzy about this device in my network.

Frequent Visitor

Re: This is the VPN filter malware threat "MEGA-THREAD".

Sure,

 

-----In the question of my "Xfinity Home SECURITY" system wireless router-----

 

5 People that I have spoken with have YET to inform me that this is in fact TRUE:

 

I have been told several "Inconsistent" replies so far:

 

1. The device in question has its own Flashed Program and is NOT acting as the "Out of Box" functionality as might be expected.

2. And just informed that I can access this device and make the necessary changes (Like a firewall) to prevent this potential of intrusion.

3. The OTHER alternative is now I can purchase an alternate device (Firewall) though not said this specifically as by name to put between this wireless device and MY network.

NO one has YET to inform me as to the "Method" of "Secure" communication that this device has between MY network and that device that speaks to god knows what.

This by simple definition is a HOLE in MY and invariably their network.

My answer to this issue of network intrusion is that THEY provide an alternative device that this VULNERABLE device can then be isolated from MY network.

 

NOTE: I had to open a case with the FCC to get this far.....

Problem Solver

Re: This is the VPN filter malware threat "MEGA-THREAD".

Then upgrade your router to the XB3 or XB6, which don't require the sidecar router.

But while we're on the subject,

Instead of spamming and scaremongering the forum, why don’t you address my response to you above? Do you have any particular knowledge that Talos, Symantec or other security researchers don't have? Are you aware that since the ToKnowAll domain was seized by the FBI, the ability for the malware to spread had been effectively stopped? That a simple factory reset will wipe out the Stage One infection, let alone Stage 2 and 3, where the real damage can happen? That rebooting your router effectively ends the immediate threat?
Seriously, stop. Spreading hysteria is not only counterproductive to efforts to combat the problem, but could very possibly be one of the objectives of the malware authors - incite fear and panic.
Stay calm and don't help them.


<<<< "Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman >>>>
Frequent Visitor

Re: VPNFilter security threat

I have been told several "Inconsistent" replies so far:

1. The device in question has its own Flashed Program and is NOT acting as the "Out of Box" functionality as might be expected. (As you say it's running a proprietary FW)

2. And just informed that I can access this device and make the necessary changes (Like a firewall) to prevent this potential of intrusion.

3. The OTHER alternative is now I can purchase an alternate device (Firewall) though not said this specifically as by name to put between this wireless device and MY network.

Deal Killer: - NO one has YET to inform me as to the "Method" of "Secure" communication that this device has between MY network and that device that speaks to god knows what.

 

This by simple definition is a HOLE in MY and invariably their network.

 

My answer to this issue of network intrusion is that THEY provide an alternative device that this VULNERABLE device can then be isolated from MY network.

Problem Solver

Re: VPNFilter security threat


@tinamclair wrote:

I have been told several "Inconsistent" replies so far:

1. The device in question has its own Flashed Program and is NOT acting as the "Out of Box" functionality as might be expected. (As you say it's running a proprietary FW)

2. And just informed that I can access this device and make the necessary changes (Like a firewall) to prevent this potential of intrusion.

3. The OTHER alternative is now I can purchase an alternate device (Firewall) though not said this specifically as by name to put between this wireless device and MY network.

Deal Killer: - NO one has YET to inform me as to the "Method" of "Secure" communication that this device has between MY network and that device that speaks to god knows what.

 

This by simple definition is a HOLE in MY and invariably their network.

 

My answer to this issue of network intrusion is that THEY provide an alternative device that this VULNERABLE device can then be isolated from MY network.

 


With all due respect, those "replies" sound like they're coming from someone who just wants you to go away and not bother them anymore. Who exactly told you these?

 

There's nothing "inconsistent" about those replies at all. For one thing, my iPhone runs proprietary firmware AND I can also configure it to improve its security. Same with my personally owned router, or my iMac. Or even your PC, for that matter.

As for the third item, if your sidecar router is properly installed between your gateway and the internet, your gateway already works as a firewall. 

 

And finally, if you don't like that device on your system, contact Comcast and request an upgrade for your gateway to the XB3 or the XB6, which don't require the sidecar routers. 

 

 

 

 



<<<< "Sometimes the best way to learn something is by doing it wrong and looking at what you did." - Neil Gaiman >>>>
Contributor

Re: This is the VPN filter malware threat "MEGA-THREAD".

 


@ComcastJessie wrote:

The vast majority of Comcast-provided residential and business gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed.


Hi Jessie,

Assuming that small number of devices includes the WNR 1000 sidecar router for Xfinity Home, do you know when we may expect to receive that communication?
