Community Forum

This is the VPN filter malware threat "MEGA-THREAD".

Frequent Visitor

Re: FBI Router Warning

What is the difference in rebooting by physically disconnecting the cable line and the power cord and initiating a restart with https://www.xfinity.com/support/    I have a battery in my Arris TG1682G.  Do I need to remove the battery if the physically rebooting is the complete way of doing it ? What about pushing the reset button resessed in the back of the modem?

New Poster

Re: WiFi router factory reset followup settings

Hey, thanks, good to know.

 

I was saving screenshots of each control panel setting just in case, then found one for backup / restore option in the Advanced section. Also see how the name ID and password are modifiable.

 

I went through the factory reset step and it automatically reconnected OK with the default configuation settings. Although it took about a minute or so longer to reboot then just the reboot option.

 

I now see that Netgear has some "VPN hot-fix" item posted on their support site so will look into that next.. 

Expert

Re: FBI Router Warning


@sgtjdc wrote:

What is the difference in rebooting by physically disconnecting the cable line and the power cord and initiating a restart with https://www.xfinity.com/support/    I have a battery in my Arris TG1682G.  Do I need to remove the battery if the physically rebooting is the complete way of doing it ? What about pushing the reset button resessed in the back of the modem?


For all intents and purposes, a hardware restart by physically disconnecting the power supply or a quick press of the reset button, and initiating a software restart at the gateway's admin panel /your My Account page/ XFinity xFi, accomplish the same thing. It's like restarting your computer after a crash. 

 

If you press the Reset button in the back for more than 15 seconds, or if you initiate a Factory reset from the gateway's admin panel, then the gateway is wiped clean and restored to its original settings from when you first installed it, like a reinstall of your operating system, (or a PowerWash for Chromebooks.).

 

The battery keeps your phone connection alive even during a power failure, so it's a good idea to remove the battery prior to a reboot. 


"The one thing that you have that nobody else has is you. Your voice, your mind, your story, your vision. So write and draw and build and play and dance and live as only you can." - Neil Gaiman
New Poster

xfinity and the VPNFilter malware

  1. has Xfinity taken any steps to protect customers from The VPNFilter malware that was recently in the news?
New Poster

Home network router - Russian malware

Is Comcast sending a fix to protect customer home network routers from the Russian malware?  Or are we on our own?

New Poster

Re: This is the VPN filter malware threat "MEGA-THREAD".

What has Xfinity done to clear the VPN Filter malware from its routers and protect the routers from future hacks of this type?  

 

Note, I am asking about the Russian hack, NOT the vulnerability discovered by some US researchers and fixed by Xfinity on Monday.  

 

For more in the Russian hack see this article: http://amp.timeinc.net/fortune/2018/05/26/fbi-warning-russian-malware-routers.

New Poster

Checking current Firmware (if necessary)

Regarding the Xfinity Arris TG1682 and the FBI router warning: is the router firmware updated by Xfinity automatically or should users check the current version (how?) and update?

 

Thanks.

New Poster

Re: This is the VPN filter malware threat "MEGA-THREAD".

I would like an answer to this question also. Do Xfinity/Comcast IT staff monitor this site?
Expert

Re: Checking current Firmware (if necessary)

It's updated automatically. You can powercycle the device (unplug it for 30 seconds, then plug it back in) to make sure it has the most recent updates. 


I am not a Comcast employee, just a moderator. Pls observe Wheaton's Law.
New Poster

Re: Comcast Xfinity Router Easy Hack

I was warned by the guy who installed my modem NOT to change the default login to the router. I believe this might prevent Comcast updates and remote maintenance. It does make me uneasy, though.

Diamond Problem Solver

Re: Comcast Xfinity Router Easy Hack


@AaronShep wrote:

I was warned by the guy who installed my modem NOT to change the default login to the router. I believe this might prevent Comcast updates and remote maintenance. It does make me uneasy, though.


No it doesn't. The firmware is updated through the backend no matter what you choose on the LAN end.

New Poster

Russian Malware

With the FBI warning about restarting our modems this past week, are there any firmware updates from Xfinity?

Contributor

FBI call for reset routers....do we need to reset to factory defauls

Do we need to do anything about the call by FBI to reset routers when we rent comcast modums with their built in routers? Should we change our passwords too? If yes why haven't I been contacted and told what to do? Will this and can this be done automaticly by comcast?

Silver Problem Solver

Re: Russian Malware

Comcast is prepairing a public release.


I am not a Comcast employee; I am just a customer, volunteering my time to help other customers here in the Forums.
Silver Problem Solver

Re: FBI call for reset routers....do we need to reset to factory defauls

There is nothing you need to do; Comcast is working on a response.


I am not a Comcast employee; I am just a customer, volunteering my time to help other customers here in the Forums.
New Poster

Russian malware

Arr we in any danger from this and if so what are the steps that we need to take.
Silver Problem Solver

Re: Russian malware

Comcast is preparing a response.

Please don't post in multiple forums.

https://forums.xfinity.com/t5/Forum-Community/Forums-Policy-and-Guidelines/td-p/2618379


I am not a Comcast employee; I am just a customer, volunteering my time to help other customers here in the Forums.

Re: Comcast Xfinity Router Easy Hack

Additional info from Bleeping Computer that may be helpful:

 

https://www.bleepingcomputer.com/news/security/reboot-your-router-to-remove-vpnfilter-why-its-not-en...

 

 

New Poster

Re: Technicolor TC8305C gateway firmware updates

Great question since its all over the news to upgrade your router due to a flaw for hackers to penetrate.  Does Comcast ever read and respond to these here?

Expert

Re: Comcast Xfinity Router Easy Hack


@AaronShep wrote:

I was warned by the guy who installed my modem NOT to change the default login to the router. I believe this might prevent Comcast updates and remote maintenance. It does make me uneasy, though.


I'm not sure why you were told that. By all means, you SHOULD change the default password (and username if possible) on the gateway, if anything to prevent anyone connecting to your network from messing around with your gateway settings. 

In fact, the reason a lot of such malware spreads is due to people not changing their default logins, which the malware uses as a backdoor into the device. 


"The one thing that you have that nobody else has is you. Your voice, your mind, your story, your vision. So write and draw and build and play and dance and live as only you can." - Neil Gaiman
New Poster

reboot modem

Should I reboot my modem as the FBI is recommending?

Regular Contributor

Re: reboot modem

The modems are not routers with default login/passwords which make them susceptible.  If you'd feel safer, you can always powercycle your modem.  Maybe someone from Xfinity/Comcast will chime in here.

Joe V
(not a Comcast employee, just another paying customer)
New Poster

Re: This is the VPN filter malware threat "MEGA-THREAD".

Which Xfinity owned routers may be infected or potentially infected by VPNFilter malware?

Should we just turn off and reboot anyway?

Do we need to reset Xfinity router passward?

Regular Visitor

Re: Bug in Xfinity Leaking Personal Customer Information

Hi Can you confirm that the comcast supplied router is not a mdel that can behacked by the FBI-sourced report?

thank you!

New Poster

Is my Xfinity modem/router protect from VNPFilter malware?

Is my Xfinity modem/router protect from VNPFilter malware?

New Poster

Router firmware and VPN Malware

Hi. I just read the FBI security bulletin regarding the VPN Filter Malware. I restarted my router, does my router automatically update the firmware or do I have to manually download?

Thanks
New Poster

Protection against VPN malware for Xfinity home customers

Are Xfinity home customers using Xfinity equipment affected by VPN filter malware and if so, what protective steps need to be taken?

New Poster

VPN Filter

From COnsulers Reports: "A new kind of malware is hitting WiFi routers around the world, and security researchers say consumers should tighten the security on their own home networks." Their experts recommend updating router software and reseting the router. Do you agree? If so, how does one update the router software?

New Poster

VPNfilter

I have the Xfinity home router.  Is my home network susceptible to the Russian malware botnet called VPNfilter?

New Poster

Re: Comcast Xfinity Router Easy Hack

Thanks EG and DarkAngelic. As you advised, I've changed the password and made sure remote control was turned off. I didn't see any way to change the username. That's the last time I take advice like that from an installer without checking it.

 


@darkangelic

In fact, the reason a lot of such malware spreads is due to people not changing their default logins, which the malware uses as a backdoor into the device. 


I'm not sure why you were told that. By all means, you SHOULD change the default password (and username if possible) on the gateway, if anything to prevent anyone connecting to your network from messing around with your gateway settings. 

 

New Poster

Re: VPNfilter malware

Does anoyone know if Comcast customers need to do anything re the malware dubbed VPN Filter?  I am not convinced that the customer service reps I have spoken with really know.

Regular Visitor

rouoter reset

The FBI is suggesting that the router not only be rebooted, but reset. Since it is your equipment are you doing this? I cannot reset the modem.

Thanks

Expert

Re: rouoter reset


@azbutch wrote:

The FBI is suggesting that the router not only be rebooted, but reset. Since it is your equipment are you doing this? I cannot reset the modem.

Thanks


There's a tiny, recessed Reset button on the back of the gateway that you can press with a bent paperclip for 30 seconds and it will reset the gateway back to factory defaults. 


"The one thing that you have that nobody else has is you. Your voice, your mind, your story, your vision. So write and draw and build and play and dance and live as only you can." - Neil Gaiman
Problem Solver

Russian Hackers Targeting WiFi Networks

Does Comcast have something in place to fight this?

 

http://www.fox21news.com/news/local/russian-hackers-targeting-americans/1209570517

Regular Visitor

Re: rouoter reset

I'm sorry, but it requires the address to the router control panel and the password. Your job, not mine.

Expert

Re: rouoter reset


@azbutch wrote:

I'm sorry, but it requires the address to the router control panel and the password. Your job, not mine.


No it doesn't. What you're referring to is an alternate method to reset the gateway to factory settings, which will require a login to the gateway's admin control panel. If you haven't changed anything, the default logon is username admin, and password password.

Choose one, or the other. 

 

BTW, that's not "my job" any more than it's Apple's job to reformat my Mac's hard drive and restore OSX from Time Machine if I suffer a catastrophic system crash, or Ford's job to fill up my F-150 with gas when I  run low on fuel.

 

 

 


"The one thing that you have that nobody else has is you. Your voice, your mind, your story, your vision. So write and draw and build and play and dance and live as only you can." - Neil Gaiman
New Poster

Comcast Router

For those of us with a Comcast router, what if anything do we need to do regarding the FBI warning?  

New Poster

Re: Comcast Router

Thanks, see it now.  Some useful information for semi-illiterates like me but still lots of questions.  If Comcast really is putting out a statement that should provide some clarity.  Thanks for your many responses.  

Contributor

Re: VPNfilter malware

Is remote management actually disabled?  Xfinity has created a web page to manage your modem's settings.  Isn't that remote management?

Expert

Re: VPNfilter malware


@littlepeaks wrote:

Is remote management actually disabled?  Xfinity has created a web page to manage your modem's settings.  Isn't that remote management?



Yes, but you can’t just log directly into your gateway remotely from any location like you can with a lot of the affected routers. Even my ASUS RT-AC88U has that ability, but since it's not enabled by default, it's secure from VPNFilter intrusion.
You'd have to go through Comcast's xFi web portal to manage your network, and even then you'd have to validate your account before you're granted access. This isn't something botnet malware can do on its own.


"The one thing that you have that nobody else has is you. Your voice, your mind, your story, your vision. So write and draw and build and play and dance and live as only you can." - Neil Gaiman
Most Valued Poster

Re: FBI Router Warning


@billflyer wrote:

Is there any advice and/or help from Comcast about "resetting" or "rebooting" their router, as per the recent FBI recommendation?  I have their Arris TG1682G.  I'm semi-literate in these things, but I don't know much about routers and modems and I hesitate to dig in without assistance.

 

We don't have 'traditional routers'  with Comcast that they are talking about unless we buy and install them ourselves  which is usually to have a network of computers in our home or office. The gateway modems we get from Comcast are not what they are talking about as far as I can tell by researching and there has been zero mention of Comcast/FIOS, etc.   This article lists the routers that could be vulnerable. I am not the slightest bit concerned about my ARRIS modem.

 

https://www.cnet.com/how-to/the-fbi-says-you-should-reboot-your-router-should-you-explainer/

 

New Poster

FBI alert re: hacking router

Do i need to change password on my Comcast-supplied router based on recent FBI warning about hacking? (https://goo.gl/PwcbQm)

Silver Problem Solver

Re: FBI alert re: hacking router

No.  But it is best practices to change the default password to a different one.  If your password is password you should change it.


I am not a Comcast employee; I am just a customer, volunteering my time to help other customers here in the Forums.
New Poster

VPN Filter Malware

Do we need to reboot an Xfinity router due to this malware?

Contributor

Re: VPN Filter Malware

After reading most of the posts/replies in this thread, I have a thought.  The problem IMHO, is that the FBI and other government agencies do not try to go after the hackers involved -- these agencies have just become a bunch of record takers and statistics takers.  And they feel their job is to warn us -- then they're done.  If this is done by Russian hackers, has anyone from our government tried to contact the Rusiian government, and ask for their help in shutting these people down?  I know we're not on the best of terms with Russia, but it wouldn't hurt to ask, would it?

Expert

Re: VPN Filter Malware


@littlepeaks wrote:

After reading most of the posts/replies in this thread, I have a thought.  The problem IMHO, is that the FBI and other government agencies do not try to go after the hackers involved -- these agencies have just become a bunch of record takers and statistics takers.  And they feel their job is to warn us -- then they're done.  If this is done by Russian hackers, has anyone from our government tried to contact the Rusiian government, and ask for their help in shutting these people down?  I know we're not on the best of terms with Russia, but it wouldn't hurt to ask, would it?


The problem with malware of this type is that once it's out, anyone can use it. It may have been developed by a known Russian hacker group, but the people responsible might not actually be them. Heck, you can now rent a botnet and DDoS anyone. Even the NSA has developed hacking tools that some genius in their organization allowed to be leaked to the world at large, and now anyone can use them. 

 


"The one thing that you have that nobody else has is you. Your voice, your mind, your story, your vision. So write and draw and build and play and dance and live as only you can." - Neil Gaiman
New Poster

FBI warning for malware on routers

Does the recent FBI warning about malware on routers (home or business) affect the Xfinity modems?  If so, what should we be doing about it?  Thanks.

New Poster

VPNFilter Malware

Does xfinity automatically update the security software on our wifi modems to stop the new VPNfilter malware?

New Poster

Re: VPNFilter Malware

Does anyone have a definitive answer on whether or not we need to do a factory reset on the xfinity gateway to eliminate VPNFilter?

 

I connected with 3 Comcast support agents -- one by chat and two by phone -- and the answers i received ranged from "your router is protected, you dont' have to do anything" to "you need to change your firewall settings" to transferring me to Norton antivirus ?!? 

 

Needless to say, i don't have a lot of confidence in what I was told.

 

I asked for an official Comcast statement from the guy who said i didn't have to do anything but he couldn't provide one.  Has anybody seen one?

 

 

New Poster

Re: Checking current Firmware (if necessary)

 


@RobertWy wrote:

Comcast will make a public announcement.


Have they made a public announcement? I haven't seen anything.