Please post all inquiries regarding this subject here in this thread. Please do not create multiple new threads on this subject. Thank you.
I saw this article about hacked home routers (https://nakedsecurity.sophos.com/2018/05/23/vpnfilter-is-a-malware-timebomb-lurking-on-your-router/) and don't see the Xfinity provided Arrista routers on the list, but can someone from the company confirm that we do not need to take special precautions to guard against it (beyond the usual good advice: change default password, etc.)?
Please read this post.
Read a current article on “ThreatPost” re malware attack on WiFi routers. Article suggests installing a software patch for the router. Article was kind of sketchy on how to accomplish this. Any info about this would be appreciated.
I read an article in the Globe regarding a dangerous malware causing havoc with routers called VPNfilter, which is from our Russia friends (they say). Has Comcast taken steps to deal with this threat and what, if anything, should the consumer expect: notification of some sort, how-tos if it is up to the consumer of the Xfinity router to protect themselves??? Silence is not golden when threats are made to our internet security as we all know.
I'm also surprised that xfinity hasn't addressed this problem. Would love to hear from them about resetting my modem/wifi and whether the Norton security is covering the problem.
Norton products detect the threat as Linux.VPNFilter.
Here is a detailed post about it: https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
That sounds exactly like the Russian Hack on Routers. A three stage Attack.
I think you might be able to unplug your Router and try a reset but you will have to input all your settings back in manually.
Also, I read the FBI borrowed a Russian Hacked Router from a Pittsburgh resident and made significant research into this multi-level exploit. Maybe they will stop the Ruskies? I read this Router attack comes from Moscow.
Do you have instructions/fix for your users who are using the Comcast router? If so please post. Does this post from several days ago have anything to do with the VPNfilter malware or is it a different problem?
I own my cable modem / router / AP - Netgear C6300.
However Comcast manages the firmware. How do I know that Comcast has not been corrupted by the Russian infiltration of US home routers?
Has Comcast refreshed this firmware as of the WWW site being taken down this week?
FBI has suggested all home routers have their firmware refreshed.
FBI issues formal warning on massive malware network linked to Russia
Are Comcast provided routers currently vulnerable to the VPNFilter malware? Article in Boston Globe suggests consumers may have to update the software on their routers themselves.
No mention of Comcast on Symantec.
I have been logged into my xfinity router and on chat support now for 35 minutes. Haresh the operator has no information and is checking around for information on the malware. He is unaware of any issues. I guess either xfinity is not concerned, or out to lunch. Perhaps the Globe has it wrong? Maybe they were a victim of fake news? Either way, xfinity should know. They say nothing on their main my account page. <Edited for violating forum guidelines: "Off Topic/Political">
Jon_McB a Norton employee responded in the following link:
Do you have the free Norton installed?
The FBI has issued a recommendation that all router owners upgrade and reboot their routers (https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-...). Will Xfinity be issuing firmware upgrades for the X1 gateways?
Recent information provided by Fox News provided the following:
Russian hackers have compromised cable modems and wireless routers of various manufacturers which has affected millions of US users. I have been able to update firmware for my Linksys WRT1900AC router but have no knowledge concerning my Xfinity/Comcast modem.
Here is a post by Jon_McB a Norton employee who is active on this forum:
Norton does detect the threat, but it appears Comcast needs to make a statement on this.
Firmware updates for your Comcast modem are pushed automatically by Comcast.
But more important is your router, which acts as the gateway for your network. Since you've updated it to the latest firmware you've done what you needed to. Just remember to stay updated since more vulnerabilities are discovered all the time.
There is no mention of Comcast equipment in Symantec. The articles refer to privately-owned modems.
Here is Norton's take. Good article and clarifies the issue.
Do Xfinity WiFi customers need to do anything in response to the following FBI security alert?
Federal officials and cyber security experts both warned Internet users to take steps to protect their home and office routers from an attack by a hacker group that has been linked to Russia.
The Federal Bureau of Investigation said in a statement on 25 May 2018 that foreign cyber actors had used a malware program known as VPNFilter to infect “hundreds of thousands” of home and office routers and other networked devices worldwide.
Is Xfinity doing anything about this threat? Thank you.
Symantec is listing Netgear R7000 as a potential target. That is a pretty popular router and I am using one as an access point. Don't understand why Xfinity is not putting out guidance on this issue. I am using an Xfinity gigabyte gateway as my modem/router along with the R7000 and Asus RT-AC66U as access points.
Does anyone know if xfinity manages their modem/routers remotely? Not sure what good it will do if I factory reset the access points if the modem/router is vulnerable.
Please advise if it is necessary to reboot my router as the FBI is advising or if Comcast has done this remotely.
If it is necessary for me to do, please provide detailed instructions on how to do so.
I thought the warning was for business related routers. You can reboot the router by removing its power source and reconnecting.
Recent news reports about resetting home wifi routers raise the question of what settings need to be reconfigured for Xfinity internet connection.
Rebooting the wifi router is suggested by the original news report and FBI advisory. This reconnected OK as expected after reboot.
However I see that Cisco recommends doing factory reset of the wifi router. Hesitant to do that until I know what settings need to be reconfigured after the reset operation. Is this documented anywhere? Has anyone already tried this?
Netgear model C3700 here.
Is there any advice and/or help from Comcast about "resetting" or "rebooting" their router, as per the recent FBI recommendation? I have their Arris TG1682G. I'm semi-literate in these things, but I don't know much about routers and modems and I hesitate to dig in without assistance.
Easiest way to do this would be to simply unplug the gateway and disconnect it from the cable line, wait about 2 minutes, then reconnect the cable and plug it back in. (Yeah, I know, surprisingly simple, but it works just the same).
Any updates with Comcast supplied modems or gateways will be pushed directly to the device by Comcast automatically. If you have any privately owned devices, you should update their firmware yourself.
The FBI has stopped the spread of the malware by seizing several websites involved, so all you need to do is to reboot your gateway or router to flush it out.
Thanks. I have since found this article: https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
Since I use Norton Security Suite via my Xfinity subscription, and my router is not on the list of known infected devices, I think I'm safe for now.
Typically any custom settings you have, such as WiFi name and password, port forwarding, alternate DNS settings, etc., will be lost in a factory reset. As long as you remember what you have, you can simply recreate those once the router is back up and running. Even better, your router might have a tool to back up your configuration files and save them, and you can reload them after the reset.
Yeah, it's a royal pain, but necessary for your network's security. Fortunately most people only ever really need to recreate their WiFi name and password, so it shouldn't be too hard.
Not responding to forum questions, apparently. Yours is the fourth thread I've read about it in the forums, and zero response from Comcast.
The issue has been addressed several times in various threads, including by an official Symantec/Norton representative here.
If people would stop posting multiple threads about the same topic, the answers can be found more easily.
It's not really necessary. Because the FBI has managed to seize several websites involved in Stage 2 of the infection, they've effectively stopped the malware, but Stage 1 might persist in some devices, so a factory reset would probably be a good idea anyway.
As long as you remember what custom settings you have, like your WiFi name and password, they can always be restored afterwards.