Community Forum

This is the VPN filter malware threat "MEGA-THREAD".

Expert

Please post all inquiries regarding this subject here in this thread. Please do not create multiple new threads on this subject. Thank you.



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Frequent Visitor

Technicolor TC8305C gateway firmware updates

From what I've been able to find in xfinity forums, the last time the firmware for the subject gateway was updated was August 2014.  That seems like a long time to go without a firmware update.  Anything more recent?

New Poster

Over 500,000 home routers hacked, are we safe?

I saw this article about hacked home routers (https://nakedsecurity.sophos.com/2018/05/23/vpnfilter-is-a-malware-timebomb-lurking-on-your-router/) and don't see the Xfinity provided Arrista routers on the list, but can someone from the company confirm that we do not need to take special precautions to guard against it (beyond the usual good advice: change default password, etc.)?
Expert

Re: Over 500,000 home routers hacked, are we safe?


@Brainclots wrote:
I saw this article about hacked home routers (https://nakedsecurity.sophos.com/2018/05/23/vpnfilter-is-a-malware-timebomb-lurking-on-your-router/) and don't see the Xfinity provided Arrista routers on the list, but can someone from the company confirm that we do not need to take special precautions to guard against it (beyond the usual good advice: change default password, etc.)?

Please read this post.


New Poster

Re: Over 500,000 home routers hacked, are we safe?

OK, I read that post, and while it is good news, it does not address the specific issue being discussed in the link I posted, about a multistage malware that can put a sniffer on the router and capture information and send it off to Mother Russia. Can someone address that issue, please?
New Poster

VPNFilter malware

Read a current article on “ThreatPost” re malware attack on WiFi routers.  Article suggests installing a software patch for the router.  Article was kind of sketchy on how to accomplish this. Any info about this would be appreciated.

Regular Visitor

VPNfilter malware

Are the xfinity gateways affected by the vpnfilter?

New Poster

VPNfilter malware

I read an article in the Globe regarding a dangerous malware causing havoc with routers called VPNfilter, which is from our Russia friends (they say). Has Comcast taken steps to deal with this threat and what, if anything, should the consumer expect: notification of some sort, how-tos if it is up to the consumer of the Xfinity router to protect themselves??? Silence is not golden when threats are made to our internet security as we all know.

New Poster

Re: VPNFilter malware

I'm also surprised that xfinity hasn't addressed this problem. Would love to hear from them about resetting my modem/wifi and whether the Norton security is covering the problem.

Valued Contributor

Re: VPNFilter malware

Norton products detect the threat as Linux.VPNFilter. 

Here is a detailed post about it:  https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware

New Poster

Re: VPNfilter malware

Same question...what’s the plan to protect or patch our router?

New Poster

Re: VPNfilter malware

Same question, dear Comcast.......... What are you doing -- or what can we do -- to protect ourselves?

New Poster

Re: VPNfilter malware

Comcast - please respond with instructions for both Comcast rental and customer owned routers.

Thank you.

Frequent Visitor

Re: VPNFilter malware

That sounds exactly like the Russian Hack on Routers. A three stage Attack.

I think you might be able to unplug your Router and try a reset but you will have to input all your settings back in manually.

Also, I read the FBI borrowed a Russian Hacked Router from a Pittsburgh resident and made significant research into this multi-level exploit. Maybe they will stop the Ruskies? I read this Router attack comes from Moscow.

 

New Poster

Re: VPNfilter malware

Same question! Comcast, please advise. 

New Poster

Re: VPNfilter malware

Yes, please respond if we need to take an action

Frequent Visitor

VPN Filter Malware

What do we need to do to avoid this VPN Filter Malware? Will Comcast handle or will we get instructions?  Help!

New Poster

Re: VPNfilter malware

Do you have instructions/fix for your users who are using the Comcast router? If so please post. Does this post from several days ago have anything to do with the VPNfilter malware or is it a different problem?

https://threatpost.com/comcast-patches-router-bug-that-leaked-some-wi-fi-passwords/132183/

 

 

New Poster

FBI warns on recent WWW site taken down - May 2018 / Home routers have been infiltrated.

I own my cable modem / router / AP - Netgear C6300.

However, Comcast manages the firmware. How do I know that Comcast has not been corrupted by the Russian infiltration of US home routers?

Has Comcast refreshed this firmware as of the WWW site being taken down this week?

FBI has suggested all home routers have their firmware refreshed.

 

FBI issues formal warning on massive malware network linked to Russia

http://thehill.com/policy/cybersecurity/389366-fbi-issues-formal-warning-of-massive-malware-network-...

New Poster

vulnerability of router

Are Comcast provided routers currently vulnerable to the VPNFilter malware? Article in Boston Globe suggests consumers may have to update the software on their routers themselves.

Silver Problem Solver

Re: vulnerability of router

No mention of Comcast on Symantec.

I am not a Comcast Employee.
I am just a customer, volunteering my time to help other customers here in the Forums.
Was your question answered? Mark the post as best answer!
New Poster

Re: vulnerability of router

I have been logged into my xfinity router and on chat support now for 35 minutes. Haresh the operator has no information and is checking around for information on the malware. He is unaware of any issues. I guess either xfinity is not concerned, or out to lunch. Perhaps the Globe has it wrong? Maybe they were a victim of fake news? Either way, xfinity should know. They say nothing on their main my account page. <Edited for violating forum guidelines: "Off Topic/Political">

Re: VPN Filter Malware

Jon_McB a Norton employee responded in the following link:

 

http://forums.xfinity.com/t5/Anti-Virus-Software-Internet-Security/VPNFilter-malware/m-p/3095954/hig...

 

Do you have the free Norton installed?

 


Regular Visitor

VPNFilter malware

The FBI has issued a recommendation that all router owners upgrade and reboot their routers (https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-...). Will Xfinity be issuing firmware upgrades for the X1 gateways?

Regular Visitor

Recent Russian Hacking of cable modems and wireless routers

Recent information provided by Fox News provided the following:

 

Russian hackers have compromised cable modems and wireless routers of various manufacturers which has affected millions of US users. I have been able to update firmware for my Linksys WRT1900AC router but have no knowledge concerning my Xfinity/Comcast modem.

Re: VPNfilter malware

Here is a post by Jon_McB a Norton employee who is active on this forum:

 

http://forums.xfinity.com/t5/Anti-Virus-Software-Internet-Security/VPNFilter-malware/m-p/3095954/hig...

 

Norton does detect the threat, but it appears Comcast needs to make a statement on this.

 


New Poster

Re: VPNfilter malware

Earth to Comcast.
Are you there??!
Regular Visitor

Re: VPNfilter malware

Same question and adding that I have a Cisco "DPC3941T".
New Poster

Re: Comcast Xfinity Router Easy Hack

Yes, unfortunately, it is all too easy for anyone to log into most Comcast gateways / routers.
The good news is that it’s also easy for you to fix it.
1. Open a new browser window.
2. In the Address Bar up top, type this and hit enter: 10.0.0.1
3. In a moment, you will see the place to type in a user name and password.
USER: admin
PASSWORD: password
Hit Enter.
You should now be offered a chance to change the password so yes, change it to a complicated one that you write down and tape onto your Comcast box.

NEXT: You can just logout and go have a beer now OR you can continue navigating through the options to, say, WIFI, where you can do things like change your WiFi password and/or the name of your WiFi network to something you like better.
Most Comcast WiFi networks are named something like “HOME” and a few numbers. But you can have a little creative fun here and change it to anything else. Some guy in my neighborhood named his WiFi “FBI van”. Haha! Although not so sure that the actual FBI would find that funny.
By the way, be smart and power cycle your Comcast box after changing the password. They say that this helps update the firmware to protect it from Russian hackers.
Expert

Re: Recent Russian Hacking of cable modems and wireless routers

Firmware updates for your Comcast modem are pushed automatically by Comcast.

 

But more important is your router, which acts as the gateway for your network. Since you've updated it to the latest firmware you've done what you needed to. Just remember to stay updated since more vulnerabilities are discovered all the time.  


New Poster

Malware threat

  • What is Comcast doing about the malware threat I read about in the paper today?
Silver Problem Solver

Re: VPNFilter malware

There is no mention of Comcast equipment in Symantec.  The articles refer to privately-owned modems.

https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware

New Poster

Re: Malware threat

Not responding to forum questions, apparently. Yours is the fourth thread I've read about it in the forums, and zero response from Comcast.
New Poster

VPNFilter security threat

Do Xfinity WiFi customers need to do anything in response to the following FBI security alert?

 

Federal officials and cyber security experts both warned Internet users to take steps to protect their home and office routers from an attack by a hacker group that has been linked to Russia.

 

The Federal Bureau of Investigation said in a statement on 25 May 2018 that foreign cyber actors had used a malware program known as VPNFilter to infect “hundreds of thousands” of home and office routers and other networked devices worldwide.

 

Is Xfinity doing anything about this threat?  Thank you.

Regular Visitor

FBI warning on malware on routers

How do I reset my router?

New Poster

Re: VPNFilter malware

Symantec is listing Netgear R7000 as a potential target. That is a pretty popular router and I am using one as an access point. Don't understand why Xfinity is not putting out guidance on this issue.  I am using an Xfinity gigabyte gateway as my modem/router along with the R7000 and Asus RT-AC66U as access points. 

 

Does anyone know if xfinity manages their modem/routers remotely?  Not sure what good it will do if I factory reset the access points if the modem/router is vulnerable.

 

Mike

New Poster

Router Factory Reset

I am wondering, with all the talk about routers being hacked (VPNFilter), do I need to factory reset my router? Please advise.

 

Thank you,

Shauna

New Poster

FBI warning to reboot routers

Dear Comcast

 

Please advise if it is necessary to reboot my router as the FBI is advising or if Comcast has done this remotely.
If it is necessary for me to do, please provide detailed instructions on how to do so.

Thanks

 

Regular Contributor

Re: FBI warning to reboot routers

I thought the warning was for business related routers.  You can reboot the router by removing its power source and reconnecting.

Joe V
(not a Comcast employee, just another paying customer)
New Poster

WiFi router factory reset followup settings

Recent news reports about resetting home wifi routers raise the question of what settings need to be reconfigured for Xfinity internet connection.

 

Rebooting the wifi router is suggested by the original news report and FBI advisory. This reconnected OK as expected after reboot.

 

However I see that Cisco recommends doing factory reset of the wifi router. Hesitant to do that until I know what settings need to be reconfigured after the reset operation. Is this documented anywhere? Has anyone already tried this?

 

Netgear model C3700 here.

New Poster

FBI Router Warning

Is there any advice and/or help from Comcast about "resetting" or "rebooting" their router, as per the recent FBI recommendation?  I have their Arris TG1682G.  I'm semi-literate in these things, but I don't know much about routers and modems and I hesitate to dig in without assistance.

Expert

Re: FBI Router Warning

Easiest way to do this would be to simply unplug the gateway and disconnect it from the cable line, wait about 2 minutes, then reconnect the cable and plug it back in. (Yeah, I know, surprisingly simple, but it works just the same). 


Expert

Re: VPNFilter security threat

Any updates with Comcast supplied modems or gateways will be pushed directly to the device by Comcast automatically. If you have any privately owned devices, you should update their firmware yourself. 

 

The FBI has stopped the spread of the malware by seizing several websites involved, so all you need to do is to reboot your gateway or router to flush it out. 


New Poster

Re: FBI Router Warning

Thanks.  I have since found this article:  https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware

Since I use Norton Security Suite via my Xfinity subscription, and my router is not on the list of known infected devices, I think I'm safe for now.

New Poster

Russian malware

Is there a need to reboot modem due to Russian malware?

Expert

Re: WiFi router factory reset followup settings

Typically any custom settings you have, such as WiFi name and password, port forwarding, alternate DNS settings, etc will be lost in a factory reset. As long as you remember what you have, you can simply recreate those once the router is back up and running. Even better, your router might have a tool to back up your configuration files and save them, and you can reload them after the reset. 

 

Yeah, it's a royal pain, but necessary for your network's security. Fortunately most people only ever really need to recreate their WiFi name and password, so it shouldn't be too hard.


Expert

Re: Malware threat


@jquib wrote:
Not responding to forum questions, apparently. Yours is the fourth thread I've read about it in the forums, and zero response from Comcast.

The issue has been addressed several times in various threads, including an official Symantec/Norton representative here.

 

If people would stop posting multiple threads about the same topic, the answers can be found more easily. 


Expert

Re: Router Factory Reset

It's not really necessary. Because the FBI has managed to seize several websites involved in Stage 2 of the infection, they've effectively stopped the malware, but Stage 1 might persist in some devices, so a factory reset would probably be a good idea anyway. 

 

As long as you remember what custom settings you have, like your WiFi name and password, they can always be restored afterwards.


New Poster

Re: VPNfilter malware

Super summary:
There is a zero percent chance of any home or business being affected with the VPNFilter threat.
Why? Because by default, remote management is disabled on the routers. If remote management is enabled, the default password cannot be used.
- miletx.com