While I have certainly lost track of how many times I've asked people to turn it off and on again, not often does the FBI ask you to reboot things. And if you're wondering if it's a good idea to reboot when the FBI says to, it actually is. It shouldn't hurt anything rebooting in general, but this is actually, more importantly, a good idea. Let's talk about what's going on here, because it's kind of interesting. And it's not something, like, I don't recall the FBI saying, "Hey, can you reboot your router?" Not a usual thing. So let's talk about what's going on here.
So if you didn't see, of course, it's been going around, there's a malware threat referred to as VPNFilter. More specifically, it is a botnet. So let's talk a little bit about what VPNFilter is, other than a weird name for a botnet. At least I think it's weird, I don't know. So it's a router malware with destructive capabilities. Let's talk about what's affected by this: Linksys E2100, E2500 and a lot of other ones, Netgears. It's pretty interesting that the QNAPs are affected as well, a few other QNAP devices, TP-Links, and what other ones? Oh, some of the MikroTik ones. Now these are the known devices that are affected; there's probably even more of them. These are ones that Talos research, which is the security company that Cisco owns, security researchers, these are the ones that they've identified that are affected by VPNFilter, but they do realize there could be others or could be more on there.
Now, let's break down this little complicated thing right here. And this is part of the Talos blog. If you type in "Talos VPNFilter", you'll come to their blog about it. And this is a very large botnet because there's 500,000 devices. And what it has and why you have to reboot is the command and control server was seized by the FBI. Hence why the FBI is the one asking you to reboot it. And what the command and control server is is kind of interesting.
So you have stage one, which stage one means your router gets infected. If you have one of the affected routers, it installs stage one. Stage two says talk to server. It was toknowall.com and Photobucket. If you don't recall Photobucket from the days of MySpace, I guess it's still around. I didn't realize that, but it was a place where you could share photos and things like that. But in a very clever twist, it's able to take a photo that looks like an image and essentially it's using, like, steganography to pull details out of that photo to get some of this stage one information and what it should be doing for the attack server. So as the FBI has seized control of the command and control systems, rebooting it fixes it, because stage one simply says, "Okay, I'm infected, but I'm awaiting instructions." Stage two is deploy the instructions. Now, when you reboot it, stage one starts over again, looking for the command and control server to try to do this. But stage two is actually go ahead and make this more permanent, installs in there.
Now, this is not something we've seen as much of, which is routers that get infected and it survives a reboot. Most of the time when the routers get hacked or infected, it either changes settings in the router or creates what they refer to as a non-persistent threat that is only in memory. So because it's in memory and not written to the systems itself inside these routers, a reboot simply clears the exploitation and your router goes back to normal. Now, part of the reason this is so hard and why this got so big is because it doesn't really affect, if you have one of these routers you're not dramatically affected with your internet. Now, this also makes it really hard to defend against one of these botnet attacks. And what a botnet attack is, is most of the time related to denial of service.
Denial of service you can simply sum up as: what if everyone tries to call your phone number at once? What if you're a large company and you're going, "We have a call center that can handle up to 100 calls a minute." Well, what if they make that 10,000 calls or 100,000 calls or, in the case of this, 500,000 hits at once? So the scale and scope of it makes it really difficult to deal with, and the fact that it's a bunch of consumer routers that are attached all over the world globally, I can't pick and choose what to block. So that's what makes this attack very, very effective, because it's spread out across the world. And all these routers come together in one place based on the attack vectors that are chosen. So they've been choosing targets in the UK. They think it's a Russian hacking group. Attribution, I will say this and I've said this many times, anytime I talk about hacking, super hard to figure out who wrote it. It's not like they signed their name to it. So it's not, it seems like, based on things that they have, and you can read into the details on the Talos blog of why they think it's them. But the short answer is: whoever's doing it doesn't matter, reboot to get rid of it.
Now, other things you're going to have to do to get rid of it. First, if you have any of these on the list, just replace them. They're not that great. So replace them, or potentially load new versions of firmware on each of these, or the same firmware. And I say that because in theory, and I don't have enough of these to test, and there's not a ton of information, but if you have one of these, and you have to reload the same firmware over the top of it, it should overwrite the stage one on there. But honestly, if you have these devices, I'm probably going to suggest that you just replace them. And that way you don't have to worry about them being infected or some other piece that may have been missed because there was a vulnerability in these.
In short, anytime you get someone inside of one of these devices, that's a time to really think about, you know, completely wiping it and loading it clean, which would be the new firmware. But if the device already has some trust issues, you may want to consider, routers are not super expensive. They protect your network from problems like this or from your network being turned into an attack vector, which was the case here. So do consider, I mean, they're not that expensive; routers that are equivalent to these are generally less than $100 for some of them. But that being said, do reboot your router. Even though it's an odd thing for the FBI to say, it is a good idea.
It is a good idea to consider a higher quality router. This is one of the reasons I'm a big fan of software-based routers like pfSense to protect your business, because much more dynamic control and easier to push updates, because you're running on different types of hardware that makes it a little bit better. That being said, you may notice that a lot of these are generally your consumer ones, like this Linksys E2500. So they're not really your commercial high-end routers or things like that. Anyways, they're not something, yeah, not something all that great. So definitely just in general, starting with a higher-end router will protect you better and make your life that much easier.
Now the good news is none of these are the ones that your cable provider generally provides. None of these are ones that I see provided from cable providers. So I'm happy to say that I don't see those. So sometimes, actually, you trying to replace your cable modem provided by Comcast or WideOpenWest, whoever your internet provider is, Cox Internet, these actually downgrade your level of security from them. So something to think about, something to consider. Short term, reboot your router. Long term, if you have one of these, just probably time for an upgrade and get a new one. Thanks for watching.