Community Forum

This is the VPN filter malware threat "MEGA-THREAD".

Expert

Re: Checking current Firmware (if necessary)

AFAIK, not yet.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
New Poster

Re: Checking current Firmware (if necessary)

Here’s what I received via the @ComcastCares Twitter DM:

“The vast majority of Comcast-provided gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed. -DL”
Frequent Visitor

VPNFilter

I have read the boards that relate to VPNFilter. I see very few, if any, responses to questions regarding the malware and Comcast routers. What good are the "communities" if Comcast never answers questions?

Frequent Visitor

Re: This is the VPN filter malware threat "MEGA-THREAD".

Except for a few "Expert" comments, I have not seen any response from Comcast on this matter.

Expert

Re: This is the VPN filter malware threat "MEGA-THREAD".

I don't expect any definitive statement from Comcast is forthcoming, for the simple reason that more information is being uncovered about VPNFilter as we speak.

The latest from Cisco's Talos Intelligence group:

https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

In a nutshell, a new Stage 3 exploit was discovered, and more affected devices were found. But importantly for this forum -

No Comcast leased gateways have yet been found to be affected.

Stay tuned.

 


New Poster

Re: Checking current Firmware (if necessary)


@Chapman8tor wrote:
Here’s what I received via the @ComcastCares Twitter DM:

“The vast majority of Comcast-provided gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed. -DL”

Thanks for sharing.

New Poster

Xfinity router safety?

I would like to know if my Xfinity WI-FI router is affected by the Wi-Fi router-killing malware known as VPNFilter...thank you...

New Poster

VPN Filter Malware

Are the Xfinity routers at risk of infection from the VPN filter malware that is in the news?

Frequent Visitor

Re: VPNFilter security threat

https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

This article will make you feel warm and fuzzy....

Comcast / Xfinity "Home Security" routers (WNR 1000) is on this list....

 

 

Administrator

Re: This is the VPN filter malware threat "MEGA-THREAD".

The vast majority of Comcast-provided residential and business gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Expert

Re: VPNFilter security threat


@tinamclair wrote:

https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

This article will make you feel warm and fuzzy....

Comcast / Xfinity "Home Security" routers (WNR 1000) is on this list....

 


Unlikely that's the Comcast version. The router would have to advertise itself as such to the backdoor domain seized by the FBI (that's how Talos identifies the affected devices), and the sidecar Home Security router is not facing the internet.

Plus, it's running proprietary Comcast firmware, which isn't vulnerable to the malware. If it were, other Comcast gateways would also show up, and they haven't.


New Poster

Gateway Firmware Update

With all the talk of Russian hacking modems and routers, I was wondering if Xfinity is updating its gateway firmware to mitigate this situation. There are three levels to the hacking attack and rebooting the gateway does not eliminate all three. Does anyone have any definitive information? Thanks.

Frequent Visitor

Re: Over 500,000 home routers hacked, are we safe?

I filed with the FCC on this issue and so far 5 people cannot assure me that my device on that list for my home "Security" is safe.

They told me so far to "Buy another device" i.e. Firewall to place between their device and MY network....

I have asked "What method of "Secure" communication that the router speaks through MY network to their network"

So far no one CAN or WILL answer this question.

I do NOT feel warm and fuzzy about this device in my network.

Frequent Visitor

Re: This is the VPN filter malware threat "MEGA-THREAD".

Sure,

-----In the question of my "Xfinity Home SECURITY" system wireless router-----

5 People that I have spoken with have YET to inform me that this is in fact TRUE:

I have been told several "Inconsistent" replies so far:

1. The device in question has its own Flashed Program and is NOT acting as the "Out of Box" functionality as might be expected.

2. And just informed that I can access this device and make the necessary changes (Like a firewall) to prevent this potential of intrusion.

3. The OTHER alternative is now I can purchase an alternate device (Firewall) though not said this specifically as by name to put between this wireless device and MY network.

NO one has YET to inform me as to the "Method" of "Secure" communication that this device has between MY network and that device that speaks to god knows what.

This by simple definition is a HOLE in MY and invariably their network.

My answer to this issue of network intrusion is that THEY provide an alternative device that this VULNERABLE device can then be isolated from MY network.

NOTE: I had to open a case with the FCC to get this far.....

Expert

Re: This is the VPN filter malware threat "MEGA-THREAD".

Then upgrade your router to the XB3 or XB6, which don't require the sidecar router.

But while we're on the subject,

Instead of spamming and scaremongering the forum, why don’t you address my response to you above? Do you have any particular knowledge that Talos, Symantec or other security researchers don't have? Are you aware that since the ToKnowAll domain was seized by the FBI, the ability for the malware to spread had been effectively stopped? That a simple factory reset will wipe out the Stage One infection, let alone Stage 2 and 3, where the real damage can happen? That rebooting your router effectively ends the immediate threat?
Seriously, stop. Spreading hysteria is not only counterproductive to efforts to combat the problem, but could very possibly be one of the objectives of the malware authors - incite fear and panic.
Stay calm and don't help them.

Frequent Visitor

Re: VPNFilter security threat

I have been told several "Inconsistent" replies so far:

1. The device in question has its own Flashed Program and is NOT acting as the "Out of Box" functionality as might be expected. (As you say it's running a proprietary FW)

2. And just informed that I can access this device and make the necessary changes (Like a firewall) to prevent this potential of intrusion.

3. The OTHER alternative is now I can purchase an alternate device (Firewall) though not said this specifically as by name to put between this wireless device and MY network.

Deal Killer: - NO one has YET to inform me as to the "Method" of "Secure" communication that this device has between MY network and that device that speaks to god knows what.

This by simple definition is a HOLE in MY and invariably their network.

My answer to this issue of network intrusion is that THEY provide an alternative device that this VULNERABLE device can then be isolated from MY network.

Expert

Re: VPNFilter security threat


@tinamclair wrote:

I have been told several "Inconsistent" replies so far:

1. The device in question has its own Flashed Program and is NOT acting as the "Out of Box" functionality as might be expected. (As you say it's running a proprietary FW)

2. And just informed that I can access this device and make the necessary changes (Like a firewall) to prevent this potential of intrusion.

3. The OTHER alternative is now I can purchase an alternate device (Firewall) though not said this specifically as by name to put between this wireless device and MY network.

Deal Killer: - NO one has YET to inform me as to the "Method" of "Secure" communication that this device has between MY network and that device that speaks to god knows what.

This by simple definition is a HOLE in MY and invariably their network.

My answer to this issue of network intrusion is that THEY provide an alternative device that this VULNERABLE device can then be isolated from MY network.

 


With all due respect, those "replies" sound like they're coming from someone who just wants you to go away and not bother them anymore. Who exactly told you these?

There's nothing "inconsistent" about those replies at all. For one thing, my iPhone runs proprietary firmware AND I can also configure it to improve its security. Same with my personally owned router, or my iMac. Or even your PC, for that matter.

As for the third item, if your sidecar router is properly installed between your gateway and the internet, your gateway already works as a firewall.

And finally, if you don't like that device on your system, contact Comcast and request an upgrade for your gateway to the XB3 or the XB6, which don't require the sidecar routers.


Contributor

Re: This is the VPN filter malware threat "MEGA-THREAD".

 


@ComcastJessie wrote:

The vast majority of Comcast-provided residential and business gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed


Hi Jessie,

Assuming that small number of devices includes the WNR 1000 sidecar router for Xfinity Home, do you know when we may expect to receive that communication?

Expert

Re: This is the VPN filter malware threat "MEGA-THREAD".


@commodore_dude wrote:

 


@ComcastJessie wrote:

The vast majority of Comcast-provided residential and business gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed


Hi Jessie,

Assuming that small number of devices includes the WNR 1000 sidecar router for Xfinity Home, do you know when we may expect to receive that communication?


The Comcast WNR1000 is not affected.

The only devices I know of that are being replaced because of VPN Filter are the Netgear R8000 R7000 routers that were bundled with the Technicolor TC4400 gigabit modems in certain markets. These modem/router combos are to be swapped for the XB6 gateways.

 


Contributor

Is SMCD3G router affected by VPNFilter malware?

We're using SMCD3G router in our office. I can't seem to find if it is affected by the VPNFilter malware?

Expert

Re: Is SMCD3G router affected by VPNFilter malware?


@dc_2000 wrote:

We're using SMCD3G router in our office. I can't seem to find if it is affected by the VPNFilter malware?


1. Might still be affected, but not at this time. So far no Comcast supplied gateway has been affected.

2. Yours is a commercial device, and this is the residential services forum. You're better off asking for assistance in the Business Forums.  


Most Valued Poster

Re: Is SMCD3G router affected by VPNFilter malware?


@dc_2000 wrote:

We're using SMCD3G router in our office. I can't seem to find if it is affected by the VPNFilter malware?


All you have to do is google the question you asked here. I just did and there is plenty of info out there for you. Comcast leased equipment is not affected. 

Regular Visitor

"VPNFilter" Malware

How do I protect my Comcast Modem/Wi-Fi from "VPNFilter" malware or are you updating from headquarters?

New Poster

Re: This is the VPN filter malware threat "MEGA-THREAD".

I received a call about getting new equipment.  I need to know if my modem was affected by this.  I am online all day long. What is a very small number?  How do we find out if we were affected? Was our personal data breached?  We need answers.

 

The vast majority of Comcast-provided residential and business gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed

Expert

Re: This is the VPN filter malware threat "MEGA-THREAD".


@J_Murray1 wrote:

I received a call about getting new equipment.  I need to know if my modem was affected by this.  I am online all day long. What is a very small number?  How do we find out if we were affected? Was our personal data breached?  We need answers.

 

The vast majority of Comcast-provided residential and business gateways and modems were not impacted by the 'VPNFilter' malware. For the very small number of Comcast-issued devices that may be affected, we are in the process of proactively communicating with those customers and exchanging hardware where needed


The only equipment for sure that was affected that we know of were the Netgear R7000 routers that were bundled with the leased TC4400 gigabit modems. Those routers aren't even Comcast issued; they were bundled because the XB6 gateways weren't available yet.

The affected customers have been notified and the devices swapped for the new XB6 gateways.

If you don't have one of those routers, you were likely notified because you're running an outdated modem for the speed tier that you have. Since you didn't post details about that notice, contact Comcast directly for more details:


Frequent Visitor

Re: This is the VPN filter malware threat "MEGA-THREAD".

Anyone in the IT field knows there are 2 different hacks that can penetrate any computer network. And one can be planted and extracted any data and leave without leaving a footprint. Even if the data is encrypted the algorithm lets the hacker view all the information. It is believed to actually penetrate the CPU bypass the bus and gain complete access to the raw memory. And again leave no trace behind. Being able to access the CPU unhindered means nothing is secure. Intel, AMD need to reconfigure the CPUs. I read that in a wired news feed. The only positive side is it takes time. But nothing can stop it. I made my network a maze like the old FTP sites. There is over a thousand empty folders. If they can crack that I'll want to shake his hand. One is called "meltdown" I forget the other because this is the godfather of hacks. This is just my opinion.
Expert

Re: This is the VPN filter malware threat "MEGA-THREAD".


@jeffrie8 wrote:
Anyone in the IT field knows there are 2 different hacks that can penetrate any computer network. And one can be planted and extracted any data and leave without leaving a footprint. Even if the data is encrypted the algorithm lets the hacker view all the information. It is believed to actually penetrate the CPU bypass the bus and gain complete access to the raw memory. And again leave no trace behind. Being able to access the CPU unhindered means nothing is secure. Intel, AMD need to reconfigure the CPUs. I read that in a wired news feed. The only positive side is it takes time. But nothing can stop it. I made my network a maze like the old FTP sites. There is over a thousand empty folders. If they can crack that I'll want to shake his hand. One is called "meltdown" I forget the other because this is the godfather of hacks. This is just my opinion.

Actually there's more than just two, but that's beyond the subject of this thread.

There will always be hacks, just as security improves, so will intruders find new and better ways to get inside, and so on. As much as we'd like to have a world where malware and hackers didn't exist, that's just wishful thinking given the current situation.

And if you refer to Meltdown and Spectre, well, that's way, WAY out of Comcast's responsibility. Those vulnerabilities are known to have existed in Intel, and to be honest, every CPU that uses speculative execution, i.e., every single one of them since, save some really basic ones like the ones in the Raspberry Pi.

They can never be truly mitigated unless you're all prepared to give up the major leaps in CPU technology over the last two decades.

 

 


New Poster

Re: Home network router - Russian malware

Has anyone responded to this?  I'm wondering the same thing.

Expert

Re: Home network router - Russian malware

There are numerous replies AND an official Comcast response on this thread. Please read through it instead of asking the same question others have asked.
