Image credit: releon8211 via Getty Images

FBI seizes domain behind major Russian botnet

By doing so, authorities can prevent reinfection and put a stop to the botnet.
The FBI has seized a domain linked to what is believed to be a Russian botnet composed of 500,000 infected routers around the world. According to the Department of Justice, the botnet -- that is, a network of computers infected with malware -- is under the control of the Russian hacking group "Fancy Bear," also known as "Sofacy." Authorities believe the group was also behind the Democratic National Committee breach during the 2016 Presidential Election. Sofacy reportedly uses a malware called "VPNFilter" to exploit vulnerabilities in home office routers manufactured by Linksys, MikroTik, NETGEAR, TP-Link and QNAP.

The Daily Beast says that once the malware has infected a router, it reports back to a command infrastructure -- either a set of photos the hacking group uploaded to Photobucket or the URL ToKnowAll[.]com. That infrastructure then installs plug-ins that can steal log-in credentials or use the infected devices to attack industrial control networks, such as those running the power grid. Photobucket has already deleted those photos, and now authorities have seized the ToKnowAll[.]com domain to prevent the malware from being able to do anything harmful.

Based on the data the FBI gathered, the malware has to reconnect to its infrastructure after every router reboot, so taking control of the ToKnowAll[.]com domain means being able to disrupt the botnet in a big way. The FBI will now be able to see the IP addresses of people whose machines have been infected with the malware. Symantec technical director Vikram Thakur explained to The Daily Beast: "One of the things they can do is keep track of who is currently infected and who is the victim now and pass that information to the local ISPs. Some of the ISPs have the ability to remotely restart the router. The others might even send out letters to the home users urging them to restart their devices."
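As an added defender-side illustration (not from the article, the FBI or any ISP tooling), here is how a sinkhole operator could turn access logs for the seized domain into per-ISP victim lists for notification; the log lines, the ISP prefix table and the function names are constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sinkhole access-log lines (not real data): timestamp, client IP, requested host.
# The repeated hits from 203.0.113.45 stand in for the reconnect-after-reboot behaviour.
SINKHOLE_LOG = """\
2018-05-23T14:02:11Z 203.0.113.45 toknowall.com
2018-05-23T14:02:19Z 198.51.100.7 toknowall.com
2018-05-23T15:40:02Z 203.0.113.45 toknowall.com
2018-05-23T16:05:47Z 192.0.2.88 example.org
2018-05-24T08:12:30Z 198.51.100.200 toknowall.com
"""

# Constructed ISP allocation table, a stand-in for a real ASN/WHOIS lookup.
ISP_PREFIXES = {
    "203.0.113.0/24": "ISP-A",
    "198.51.100.0/24": "ISP-B",
}

SEIZED_DOMAIN = "toknowall.com"


def isp_for(ip):
    """Map a client IP to its ISP using the constructed prefix table."""
    addr = ipaddress.ip_address(ip)
    for prefix, isp in ISP_PREFIXES.items():
        if addr in ipaddress.ip_network(prefix):
            return isp
    return "unknown"


def victims_by_isp(log_text, domain=SEIZED_DOMAIN):
    """Return {isp: {ip: {"first_seen", "last_seen", "hits"}}} for beacons to the seized domain.

    Each distinct source IP is one notification target. Repeated hits from the same IP are
    the post-reboot reconnects described above, so they are counted rather than treated as
    new victims. Note that one public IP may hide several devices behind NAT.
    """
    report = defaultdict(dict)
    for line in log_text.splitlines():
        ts, ip, host = line.split()
        if host.lower() != domain:
            continue  # unrelated traffic reaching the sinkhole
        entry = report[isp_for(ip)].setdefault(
            ip, {"first_seen": ts, "last_seen": ts, "hits": 0})
        entry["last_seen"] = ts
        entry["hits"] += 1
    return dict(report)
```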

Since the malware is known to be present in 54 countries, including the United States, router-makers are now encouraging users to reboot their devices and to install the latest firmware to patch the vulnerability.

Coverage: CNBC