  • Gafgyt IoT Malware Targets Old Routers for Botnet Army

      • #1996914
        Kirsty
        Manager

        This aggressive IoT malware is forcing Wi-Fi routers to join its botnet army
        Gafgyt has been updated with new capabilities, and it spreads by killing rival malware.

        By Danny Palmer | October 31, 2019

         
        Tens of thousands of Wi-Fi routers are potentially vulnerable to an updated form of malware that takes advantage of known vulnerabilities to rope these devices into a botnet for the purposes of selling distributed denial of service (DDoS) attack capabilities to cyber criminals.

        A new variant of Gafgyt malware – which first emerged in 2014 – targets small office and home routers from well-known brands, gaining access to the devices via known vulnerabilities.

        The routers being targeted by the new version of Gafgyt are all old – some have been on the market for more than five years. Researchers recommend upgrading your router to a newer model and that you should regularly apply software updates to ensure the device is as protected as possible against attacks.

         
        Read the full article here

        4 users thanked author for this post.
      • #1996985
        OscarCP
        AskWoody Plus

        Any recommendations for buying new browsers and, if possible, which brands and models, given this unsavory news?

        Windows 7 Professional, SP1, x64 Group W (ex B) & macOS Mojave + Linux (Mint)

      • #1997014
        wavy
        AskWoody Plus

        Maybe one that has OpenWRT (now LEDE) or DD-wrt support where stuff gets updated after the manufacturer has long abandoned their product.

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
        1 user thanked author for this post.
      • #1997040
        CADesertRat
        AskWoody Plus

        I noticed in the article that my old router (at least 13 yrs. old) wasn’t mentioned as being a target “yet”. I’ve looked at newer routers and they all seem to have the interface in the cloud instead of locally, and I do not want to be in the cloud with my router access. Are there any decent routers that give local access (some ASUS routers do, but they are older models; not sure about the newer ones)?

        Don't take yourself so seriously, no one else does 🙂
        4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

        • #1997079
          Ascaris
          AskWoody_MVP

          I just posted a side comment on the IoT privacy thread Oscar started that I happened to find a deal on a new router.  For $31 (free shipping) on closeout at Best Buy, it has gigabit ethernet and dual-stream dual-band AC, and even though my existing (dual band, dual-stream N) router works fine, I couldn’t pass that up. DD-WRT has a firmware build for this model too, which is what I had been using on my old router.  It’s a decent upgrade (300 Mbps to 867 Mbps wireless speed) on the wireless end, and all of my main laptops are capable of using that 867 Mbps speed.  My desktop uses wired ethernet.

          The point of mentioning it in that other thread was to criticize and poke a little fun at its description as a “Smart wifi” router, as routers are actually SoC computers that are already pretty “smart.”  “Smart” things are devices that usually don’t have (much) computing power, but now they do.  Something that was already a computer doesn’t count!  Making it interface with a mobile app that can control it “from anywhere in the world” doesn’t make it any smarter, but it does make it more vulnerable.

          Fortunately, the ability only works if you create a Linksys account and log into that from your mobile device and your router.  The service to operate this bad idea, as I understand, doesn’t even start until it’s initiated from the router locally.  It’s a monumentally bad idea, but you don’t have to use it.  And if there’s concern over the mere existence of the feature, even if it is disabled, there’s the DD-WRT firmware, and there may be others too.  I’ll probably switch to DD-WRT before the router reaches the point where its manufacturer forgets about it and does not offer any more updates.

          Other than that silly feature, it seems like a pretty decent router so far.  It’s really cheap, too, and it has a gigabit switch, which I learned is rare in lower priced routers.  They have faster wifi speeds than the ethernet switch!  That’s just… wrong.  How useful is a high speed wireless connection for most people if their internet (and the connection to any wired PC, like NAS would be) is stuck at 100 Mbit?  Who wants that?

          Group "L" (KDE Neon Linux 5.21.2 User Edition)

          2 users thanked author for this post.
        • #1997736
          CADesertRat
          AskWoody Plus

          Just to add to my original post, I have always stuck with this old router because the latest & greatest routers are advertising high speeds and this router works great after all these years BUT I’m in a rural area with wireless and the top speed I can get on a good day is 15 Mbps so a fast router is a bit of overkill for me. However there would be security concerns with the old router since the last firmware update was quite a few years ago.

          Don't take yourself so seriously, no one else does 🙂
          4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

          • This reply was modified 1 year, 4 months ago by CADesertRat.
          1 user thanked author for this post.
          • #1997758
            PKCano
            Manager

            The Internet speed you get is probably limited by your ISP connection (WAN). Where a fast router is beneficial is on your local network (LAN). If you transfer data between your computers you take advantage of the fast connections.

            1 user thanked author for this post.
            • #1997771
              CADesertRat
              AskWoody Plus

              The Internet speed you get is probably limited by your ISP connection (WAN). Where a fast router is beneficial is on your local network (LAN). If you transfer data between your computers you take advantage of the fast connections.

              Yes, the ISP is the limitation for Internet and my LAN seems pretty darn fast as is even with this old router. Of course that could be because I’m used to the LAN speeds LOL. 🙂

              Don't take yourself so seriously, no one else does 🙂
              4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

              • #1997993
                Ascaris
                AskWoody_MVP

                If you have a gigabit switch in your old router, that will be far faster than any wifi that existed 15 years ago.  I don’t know exactly when gigabit became common/affordable, but my 10 year old Netgear WNDR3700 router has one.

                I really didn’t need the new router, as I used wired ethernet for all of my heavy duty file transfer needs (the Acer Swift uses a USB3-to-ethernet adapter, as it has no ethernet port), but it’s still nice to be able to get decent speeds while not wired (like if one of the laptops is in use in another part of the house, where there are no ethernet cords handy).

                As for my internet… 10/100 would be more than enough to keep it from bottlenecking at the LAN.

                Group "L" (KDE Neon Linux 5.21.2 User Edition)

          • #1997805
            Myst
            AskWoody Lounger

            However there would be security concerns with the old router since the last firmware update was quite a few years ago.

            I was thinking the same. After reading about this new attack on routers, it’s my honest opinion it might be wise to upgrade. My ISP is a stickler for using products “approved” for use on their end, and we recently switched out from the old to a router that uses WPA2 and better services on the whole. However, it no longer receives updates and we’re a little concerned with this new threat. The newer model has been working flawlessly with no dropped connections, but … it’s old with no support in the way of updates, etc. Again, out with the old just to keep up with the ever-changing world of insecurities.

            Win7 Home x64 MacOS Chromebook

            • #1998149
              Paul T
              AskWoody MVP

              If you’ve turned off remote admin access and set a decent admin password there should be no problem with your router being hacked.

              cheers, Paul

              5 users thanked author for this post.
        • #2003700
          Michael432
          AskWoody_MVP

          Yes, Asus still offers a web interface. Netgear and Synology too. So does my favorite company, Peplink. Here is a writeup on their cheapest router, the Surf SOHO

          https://www.routersecurity.org/pepwavesurfsofo.php

          It is also getting harder and harder to find a router company that does not spy on you. Peplink is great in this regard too.

          Get up to speed on router security at RouterSecurity.org

          4 users thanked author for this post.
          • #2003715
            CADesertRat
            AskWoody Plus

            Yes, Asus still offers a web interface. Netgear and Synology too. So does my favorite company, Peplink. Here is a writeup on their cheapest router, the Surf SOHO https://www.routersecurity.org/pepwavesurfsofo.php It is also getting harder and harder to find a router company that does not spy on you. Peplink is great in this regard too.

            That’s quite a write-up on Peplink, but it’s a bit above my paygrade, being retired and all, but good info nonetheless. Thanks.

            Don't take yourself so seriously, no one else does 🙂
            4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

      • #1997700
        wavy
        AskWoody Plus

        Cloud is an option that can usually be avoided. Some Netgears have this feature; I am forgetting what I did to get around that.

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
      • #2003411
        JohnW
        AskWoody Lounger

        If you’ve turned off remote admin access and set a decent admin password there should be no problem with your router being hacked.

        cheers, Paul

        I have an older, way past 5 years old, Netgear N300 WiFi router with WPA2 that has performed flawlessly. However, there has not been a vendor update for that version in many years, although newer models have been released.

        I have disabled remote management access, and I hope that is enough.

        • #2003701
          Michael432
          AskWoody_MVP

          See the home page of RouterSecurity.org for some tweaks to improve the security of any router. Running a router with unsupported firmware is no different than running Windows XP. Perhaps even more dangerous.

          Get up to speed on router security at RouterSecurity.org

          5 users thanked author for this post.
          • #2003719
            JohnW
            AskWoody Lounger

            Thanks for that link! The site has some great information in one place!

            After reviewing the checklists, I believe that I am in good shape as far as securing my router. I had already employed all of the suggestions made. Locked down!

            My earlier query was mostly a curiosity about the true risk of running older routers. My router firmware is almost 2.5 years old, so I searched my router vendor for security bulletins on my model and nothing matched.

            I am particularly happy to see the Router Security site recommend using separate private and guest Wi-Fi networks with isolation for the guest network. When isolating the guest network, devices using that can only see the internet, but none of the other local network devices on the private network.

            All of my mobile devices are restricted to use the guest network only, so even if they are compromised when I am out and about, they cannot communicate with other devices on my private network when I connect them at home.

            • #2004293
              Michael432
              AskWoody_MVP

              If your router is a consumer device it may have been abandoned. No firmware update for 2.5 years seems like it is the end of the line. Your vendor may have a list of EoL devices. Worth checking.  If you are comfortable still using Windows XP, then keep using the router.

              Get up to speed on router security at RouterSecurity.org

      • #2003667
        wavy
        AskWoody Plus

        I would also make sure UPnP is disabled.

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
        1 user thanked author for this post.
        • #2003698
          JohnW
          AskWoody Lounger

          Yup, that’s the first thing that I disabled way back when I bought the router!

          Cheers! 🙂

          1 user thanked author for this post.