Update: The FBI’s original directive mistakenly included two models, the E100 and E300. The agency has since revised the list to exclude them, and we’ve updated this post accordingly.
If you were spooked by yesterday’s news that thousands of ASUS wireless routers have been compromised by a botnet, and are thinking about buying a new router, here are some models to not add to your cart per a recent FBI advisory.
According to a recent report by the agency, hackers are exploiting at least 13 older routers, mostly sold by Linksys under the Cisco brand, to power botnets and hide malicious activity.
These are “end-of-life” models, meaning they no longer receive software updates and are essentially wide open to known vulnerabilities.
The routers have reportedly been hijacked using malware known as TheMoon, which has been floating around since 2014. The malware allows attackers to control infected routers remotely, spread to other devices, and reroute web traffic through proxy networks.
In fact, the FBI has already seized two proxy services (Anyproxy and 5Socks) that were allegedly powered by these compromised devices.
Here’s the full list of models flagged by the FBI:
- E1200
- E2500
- E1000
- E4200
- E1500
- E3000
- E3200
- WRT320N
- E1550
- WRT610N
- M10
- WRT310N
Two possible mistakes
A quick note: there was some confusion about the E100 and E300 models. As reported by PC Mag:
“The E300 and E100 might refer to products from Cradlepoint. But Cradlepoint’s owner Ericsson told us the E100 and E300 aren’t end of life routers. The company added: “It appears there was an error in the advisory, where ‘E100’ was listed instead of ‘E1000.'”
Regardless, if your router’s on this list and it hasn’t seen a software update in years, now’s probably the time to replace it. And if you were thinking about saving a few bucks and getting an older router to replace your current one, you might really want to avoid those specific ones.
FTC: We use income earning auto affiliate links. More.
Comments