
My "story" is on Techist here, in case anyone wanted to read it and get all the background details.

But, the question I have is if I have malware on my router (which multiple computer forum websites have told me is possible - including users here), how would I go about cleaning/disinfecting it? I have been told that it is possible for there to be a type of malware on a router that would survive a factory reset. For example: Tom's Hardware.

If there was a corrupted or infected "firmware" update on the device then a factory reset would just go back to a compromised state. Many ISPs use branded routers with customized firmware. Therefore, it seems to me, that malware could be introduced in that manner.

Another example: Bleeping Computer.

When consumer routers are factory reset, it's all the settings that are reset to a default value. But the firmware (the programs) on the router is not reset. So if you have an infected router that has been programmed with malicious firmware, then doing a factory reset will not remove the malware.
You could install the latest firmware to overwrite the malicious firmware, but since the firmware upgrade is almost always done by the running firmware, then sophisticated malicious firmware can tamper with the firmware upgrade and persist.

But if we are just talking about a compromised router where the DNS settings have been changed to point to a malicious DNS server (without malicious code running on the router), then a factory reset will also reset the DNS settings.

If I happen to have one of those really, really evil types of malware that survive a factory reset and may have prevented a firmware update from overwriting it, then what can be done to 100% ensure my router is safe and the malware on it is gone? I am scared if I just factory reset it that a super malicious malware on it might just survive and continue to mess up my household's computing devices.

Would I ultimately need to throw the router out and buy a new one? Would that be effective (or would there be something that could still be left behind then)? Any other solutions/options for me?

Anders
atrueidiot
  • Buying a new one would be effective as long as there's nothing else on the network to compromise the new one. It would also be a good idea to choose your next router based on its security track record which would exclude 90% of the consumer-grade garbage. – André Borie Oct 18 '16 at 01:30
  • @AndréBorie - I'm thinking of just buying a new one, because it saves time researching this stuff and it seems fail safe (whereas the other methods might have "holes" in them). Also, you say that 90% of consumer-grade routers are garbage. But, I think Verizon requires or, at least, highly suggests that you use their prescribed routers, because they supposedly are built for Verizon's service. I feel like I wouldn't know what router to buy if not a Verizon one. Would just buying another Verizon router be okay if I promised to never visit porn sites again and practiced good security now? – atrueidiot Oct 19 '16 at 05:30
  • What about looking around to see which technology VZ uses to connect your router to the network (probably PPPoE?) and buying one that supports it? The vulnerabilities with most routers aren't about your computer or the sites you visit, they're mostly about the fact that the router is visible on the internet and gets all the attacks, scanners, etc. Given that they're never updated, sooner or later they will fall to one of those attacks and become compromised. – André Borie Oct 19 '16 at 08:21
  • @AndréBorie Eeek! You're saying any router would fail in the future? But, would that mean it wouldn't matter whether I bought a Verizon sponsored router or not? I'm very, very tech illiterate, so even the searching for stuff I fear, b/c I worry I'd do it wrong and waste time/money. I'm not sure what PPPoE is, but I can look into it and maybe call Verizon about what they use. I was thinking honestly at this point that I'd be willing to just pay the $150 or whatever (as long as not too expensive) to just buy a new router with Verizon (I know they'd at least work) and save time, since it = $ – atrueidiot Oct 19 '16 at 08:32
  • Yes, unless you can write absolutely perfect software, there will be bugs and they will be discovered and exploited to compromise the device. The solution is to have regular updates. This is the difference between consumer-grade garbage and a *real* router where the manufacturer has a proven track record of providing regular updates for the device to patch vulnerabilities that have been discovered. – André Borie Oct 19 '16 at 08:38
  • I can look into this alternative option, Andre. How would I know which manufacturers are good ones? Are there good lists you know of? – atrueidiot Oct 19 '16 at 08:40
  • Also, if your story is correct, does that mean almost everyone gets hacked or malware sooner or later? – atrueidiot Oct 19 '16 at 08:41
  • First, reboot the router. But second, if it persists, I would recommend buying another router of a newer or different brand. Or, like I do, install a brand-name firewall appliance between the modem and the rest of your network. Then the routers are at least protected against requests from outside. – SDsolar Jul 24 '17 at 19:13
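
For the DNS-only case quoted in the question (router DNS settings changed to point at a malicious server), a client can audit which resolvers it has been handed. This is an added example, not part of the original thread; the gateway address, the expected-resolver set and the sample resolv.conf text are constructed assumptions.

```python
import ipaddress

# RFC 1918 ranges: a resolver in these is on the LAN (normally the router).
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nameservers(resolv_conf_text):
    """Return nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # Strip trailing comments ('#' or ';') before splitting into fields.
        for marker in ("#", ";"):
            line = line.split(marker, 1)[0]
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def classify(server, gateway, expected_public):
    """Label one resolver address relative to the expected home setup."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "local-stub"         # local cache; its upstream needs checking
    if addr == ipaddress.ip_address(gateway):
        return "router-forwarder"   # router answers; check its WAN DNS setting
    if any(addr in net for net in LAN_NETS):
        return "unexpected-lan"     # some other LAN host is acting as resolver
    if server in expected_public:
        return "expected"
    return "unexpected-public"      # pattern left by a changed DNS setting

def audit(resolv_conf_text, gateway, expected_public):
    """Return (address, verdict) pairs for every configured resolver."""
    return [(s, classify(s, gateway, expected_public))
            for s in parse_nameservers(resolv_conf_text)]

# Constructed sample input; 203.0.113.53 is a documentation-range address.
SAMPLE = """# generated by DHCP client (constructed sample)
nameserver 192.168.1.1
nameserver 203.0.113.53   ; not a resolver this household chose
nameserver 127.0.0.53
"""
EXPECTED = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}  # assumed allowlist

if __name__ == "__main__":
    for server, verdict in audit(SAMPLE, "192.168.1.1", EXPECTED):
        print(f"{server:15} {verdict}")
```

A `router-forwarder` verdict only shows that clients ask the router; the upstream DNS servers configured on the router's own admin page still have to be compared against what the ISP assigns.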

0 Answers