VIVO Mitrastar Modem and Router Infected with Malicious Code


VIVO is a registered trademark of Telefônica Brasil, a subsidiary of Telefónica and the largest telecommunications company in Brazil, headquartered in São Paulo.

This mainly concerns Brazilians, so if you are one of them, read carefully why you should consider changing your ISP (Internet Service Provider) if you are a VIVO customer.

A friend's family's VIVO Mitrastar modem/router was compromised (hacked) last Wednesday, October 19th. After connecting to it from a secure computer, I was able to find code that does not belong to the original firmware (it is basically a backdoor), so disconnecting or resetting to factory settings does not remove the malicious code.

First sign of a hacked router:

The first sign of a hack is the mouse icon on the modem/router flickering red or turning permanently red (note: Vivo will tell you there are problems in your area and that it will soon be resolved). Malware on a router can go undetected for months if the effects are subtle and you do not have access to an expert.

Here is a free tip: look at the URL in the browser window while you are logged in to the router.

Access IP: 192.xxx.xx.x

After you log in with the manufacturer's credentials, change both the administrative password and the Wi-Fi password to the longest, most complex passwords the device allows, mixing letters, symbols and numbers.

When you are done, the IP/URL should look like this:

192.xxx.xx.x/name.html

An infected modem/router URL looks like this:

192.xxx.xx.x/cgi-bin/sophia_index.cgi

If you see that, disconnect all devices and request a new modem/router. A different path on its own is only an indicator, not proof; what matters is that the page and the firmware behind it are not what the vendor shipped, and a factory reset will not undo that.

Note: VirusTotal cannot detect this as malicious!

DO NOT TRUST WHAT THE SUPPORT TELLS YOU:

Disconnect your devices and connect one secure computer. Linux is recommended, but if all you have is Windows, go with that. Just make sure it is clean! That means no documents, photos or anything else that can connect your identity with it.

Download and install Wireshark and start logging all traffic to and from your router!

There are other tools, but for legal reasons I will only recommend this one, as it is excellent and is part of Cisco network training.

If you do not know how to read the data, ask someone with at least basic Cisco CCNA training; it is better than nothing.
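For the capture step above, here is an added example (not the article's code, and nothing from Vivo or MitraStar) of the triage a practitioner would run over a tshark field export taken on the clean computer. The router address, the LAN range and the sample export lines are constructed placeholders using documentation address ranges; the tshark command in the docstring is the export format the script expects. It answers the two questions that matter first: which servers are answering DNS on your LAN (on a home network that should only be the router, or the resolver you configured yourself), and which outside addresses your computer is talking to.

```python
"""Triage a tshark field export for a router you suspect is tampered with.

Added example, not code from the article. It assumes the capture was taken on
the one clean computer plugged into the router and exported with:

  tshark -r capture.pcapng -T fields -E separator=';' \
      -e frame.time_epoch -e ip.src -e ip.dst \
      -e dns.flags.response -e dns.qry.name -e dns.a > export.txt

ROUTER_IP and LAN_NET are placeholders for your own router and LAN range.
"""
import ipaddress
import sys
from collections import Counter, defaultdict

ROUTER_IP = "192.168.1.1"                       # assumed LAN address of the router
LAN_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range
EXPECTED_DNS = {ROUTER_IP}                      # resolvers the LAN is supposed to use

FIELDS = ("time", "src", "dst", "dns_response", "qname", "answers")

# Constructed sample export (documentation addresses, not real intruder IPs):
# the PC asks the router for one name, then a second name is answered by a
# resolver that is not the router at all, and the PC then talks to that answer.
SAMPLE_EXPORT = """\
1666180000.100;192.168.1.20;192.168.1.1;0;update.example.net;
1666180000.120;192.168.1.1;192.168.1.20;1;update.example.net;192.0.2.10
1666180000.500;192.168.1.20;203.0.113.77;0;bank.example;
1666180000.530;203.0.113.77;192.168.1.20;1;bank.example;198.51.100.9
1666180001.000;192.168.1.20;198.51.100.9;;;
1666180001.200;192.168.1.20;192.0.2.10;;;
"""


def parse_export(text):
    """Turn the ';'-separated tshark export into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(";")
        if len(parts) != len(FIELDS):
            continue  # skip a malformed line rather than abort the whole triage
        rec = dict(zip(FIELDS, parts))
        # tshark prints booleans as 1/0 or True/False depending on version
        rec["is_dns_response"] = rec["dns_response"] in ("1", "True")
        # several A records are joined with ',' by tshark's default aggregator
        rec["answers"] = [a for a in rec["answers"].split(",") if a]
        records.append(rec)
    return records


def is_lan(ip):
    try:
        return ipaddress.ip_address(ip) in LAN_NET
    except ValueError:
        return False  # empty or non-IP field (e.g. ARP frames)


def unexpected_dns_servers(records, expected=EXPECTED_DNS):
    """Resolvers that answered queries on the LAN but are not the expected ones.

    Any other answering server means a device's DNS setting was changed, for
    example by a tampered DHCP server on the router. Returns server -> names.
    """
    seen = defaultdict(set)
    for r in records:
        if r["is_dns_response"] and r["src"] not in expected:
            seen[r["src"]].add(r["qname"])
    return {server: sorted(names) for server, names in seen.items()}


def external_destinations(records):
    """Packet count per destination outside the LAN, most talkative first."""
    counts = Counter(r["dst"] for r in records if r["dst"] and not is_lan(r["dst"]))
    return counts.most_common()


def answers_by_name(records):
    """Every address each name resolved to during the capture."""
    out = defaultdict(set)
    for r in records:
        if r["is_dns_response"]:
            out[r["qname"]].update(r["answers"])
    return dict(out)


def triage(text):
    records = parse_export(text)
    return {
        "unexpected_dns_servers": unexpected_dns_servers(records),
        "external_destinations": external_destinations(records),
        "answers": answers_by_name(records),
    }


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    report = triage(text)
    for server, names in report["unexpected_dns_servers"].items():
        print(f"DNS answered by unexpected server {server}: {', '.join(names)}")
    for dst, n in report["external_destinations"]:
        print(f"{n:5d} packets -> {dst}")
```

Run it on your own export with `python3 triage.py export.txt`; without an argument it runs on the constructed sample, where the answer for bank.example comes from 203.0.113.77 rather than the router. Any external destination you cannot explain is what you hand to the data center's abuse contact, as the article goes on to describe.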

Investigating:

However, while investigating, I traced it back to Ashburn, Virginia, which apparently has a lot of data centers. I sent the information I gathered to the local sheriff's office, who was kind enough to actually go to that location, but the house looked abandoned and he explained that they get a lot of these requests in that particular area. So it would seem the best bet is to contact the ISP (data center) that owns the intruder's IPs and have them look into it.

Firmware updates:

Since I did not have access to the original firmware, nor any updated version of it, the modem/router was discarded on October 26th.

Vivo support equals low quality:

My friend called VIVO support and was told that the technician would be there somewhere between 15:30 and 18:00 on the 21st of October, the second promise, which they yet again broke.

Third call to Vivo support: now they promised the technician would be there on Saturday the 22nd of October to resolve the problem, between 12:30 and 18:00. Guess what, nobody showed up.

Fourth call to Vivo support, in vain, no technician.

Fifth call to Vivo support: new promise, the technician will arrive tomorrow, the 25th of October.

Sixth call to Vivo support, (3) times on October 25th: the technician did not show up again. Yeah, this is high quality support! They wanted my friend to rate their service; since there is no option lower than 1, that is what they got, then they hung up. Wow...

Read below why it is so difficult to just switch out the infected modem/router for the latest model available to them, and why it is even more difficult for them to actually show up for appointments.

The 26th of October: A technician appears with a brand new model of a modem/router.

As requested by the friend's family, I went there to meet this technician and began explaining why he had to change the router.

The first thing that comes out of this guy's mouth is: I do not believe it is hacked, why would anyone hack an ADSL modem/router with just 15 Mbps?

Now, hearing these words from a technician working for Brazil's largest ISP and telecom company made me wonder about the quality of education here.

So I started by explaining the basics of networking and how a router works, then fired up Wireshark, showing the "technician" how it works, the intruder's IP address, full name, address, phone number, even the layout of her home and more.

Then his jaw almost dropped to the floor and he said "You can do all this?". My answer was simple and direct: yes, and much more. Then I of course had to explain why someone would want to hack even something as slow as 15 Mbps.

Then, to finalize it, I showed him the malicious script. Now the guy understood, so he asked me what to do with the infected modem. I told him to smash it and throw it in a dumpster.

Why the technician did not come when promised:

Now we were becoming friendly and he began to explain why it took so long for him or any other technician to show up just to change the modem/router. They are heavily underpaid and feel like they are working for free, and thus they only do the simple things; they do not like climbing stairs, keep to quick and easy jobs and simply ignore the rest, unless!

The bribe:

However, if you pay them under the table, or simply "bribe" them, they can even get you a fibre connection set up fast and you do not have to wait in line, so calling the support line is just stupid. Well, how about that?

He also told me to find a technician for whatever ISP my friend wants and to offer extra money, and they will fix it quickly for you.

This means you pay the installation fee to the ISP and an extra fee for the technician.

I do not believe in complaining here: ReclameAqui.

Dumb People, do dumb things:

I found some advertisements for used Vivo modems online on Brazilian sites, showing the login credentials and default password. DO NOT BUY A USED VIVO MODEM/ROUTER!!!!!

My recommendation to Vivo users:

Change Internet Service Provider as soon as possible, where it is possible to do so, and do some research to see if the other ISP offers a separate modem and router and, most importantly, offers security updates. It might cost a little bit more, but you will be happy you made that investment.

Why should modems be separated from the router?:

A modem can be infected too, and it is usually the first thing an attacker reaches from the Internet, but a plain modem has a much smaller attack surface than a Wi-Fi router or an all-in-one device: it only connects your LAN to the Internet, so there is far less software in it to exploit and far less for malware to do once it is there.

This is the case with the Taiwanese-made MitraStar that Vivo provides its customers with: a relatively modern modem with an embedded router, Wi-Fi access point, telephone adapter and other points of attack, all in one box.

The router:

The router connects you to any device on your Local Area Network (LAN) or WLAN (Wi-Fi). You should not invest in anything that does not offer the latest WPA3 and is VPN compatible.

Besides this, it is important that the manufacturer of the router you are buying supports it with security updates (new firmware).

Malware on a router, why it is so dangerous:

Malware on a router can spread to any device that connects to it, especially an unprotected one! Therefore, I recommend disconnecting all devices from your network until the problem is solved.

The malware can collect your data, meaning emails, photos, documents, credit card details, bank logins and more, and send it to the hacker's computer, or the hacker can stay logged in on your router, logging all traffic in real time. Traffic protected by HTTPS cannot simply be read in transit, which is why an attacker on a router reaches for the next trick.

Besides this, they can hijack your router's DNS settings, so a legitimate site's name appears in your address bar while in reality you have been sent to a spoofed (copied) site; if you log in there, you give away your credentials. The one thing a spoofed site cannot easily present is a valid certificate for the real name, so a browser certificate warning on a site you normally use without one is a strong sign of exactly this and must never be clicked through.
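To check for the DNS hijacking described above from the clean computer, here is an added example (not the article's code) of a minimal DNS client built only on the Python standard library: it sends the same A query to the router and to a public resolver and reports the names on which the two answers share no address. The router address, the public resolver and the list of names are placeholders to replace with your own router's LAN IP, a resolver you trust, and the sites you actually log in to.

```python
"""Actively compare the router's DNS answers with a trusted resolver's.

Added example, not the article's code. ROUTER_DNS, TRUSTED_DNS and NAMES are
placeholders: use your router's LAN address, a resolver you trust, and the
sites you log in to. Only the standard library is used, so it runs anywhere.
"""
import random
import socket
import struct

ROUTER_DNS = "192.168.1.1"   # assumed: the router's LAN address (it usually proxies DNS)
TRUSTED_DNS = "9.9.9.9"      # assumed: any public resolver you trust, used as reference
NAMES = ["example.com", "example.net"]   # placeholders: use the sites you log in to


def build_query(name, txid):
    """Encode a standard recursive A query for `name` with transaction id `txid`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set; 1 question
    labels = [lab.encode("ascii") for lab in name.strip(".").split(".")]
    qname = b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(data, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(data, txid):
    """Return the set of IPv4 addresses in the answer section of a DNS reply."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack_from("!HHHHHH", data, 0)
    if rid != txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if flags & 0x000F:  # RCODE != 0, e.g. NXDOMAIN or SERVFAIL: no addresses
        return set()
    off = 12
    for _ in range(qdcount):
        off = _skip_name(data, off) + 4  # skip QTYPE and QCLASS
    addresses = set()
    for _ in range(ancount):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", data, off)
        off += 10
        if rtype == 1 and rdlen == 4:
            addresses.add(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen  # CNAME and other records are skipped, not followed
    return addresses


def resolve_a(name, server, timeout=3.0):
    """Send one A query to `server` over UDP and return the answered addresses."""
    txid = random.randrange(0, 1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, txid)


def disagreeing_names(router_answers, trusted_answers):
    """Names for which the router's answer shares no address with the trusted one.

    Large sites answer differently from different vantage points (CDNs, geo-DNS),
    so the sets are compared for overlap and a mismatch is a lead, not proof. A
    router answer pointing at a private address, or at a host whose certificate
    does not match the name, is what turns the lead into a finding.
    """
    return sorted(
        name for name, addrs in router_answers.items()
        if addrs and not (addrs & trusted_answers.get(name, set()))
    )


if __name__ == "__main__":
    router = {n: resolve_a(n, ROUTER_DNS) for n in NAMES}
    trusted = {n: resolve_a(n, TRUSTED_DNS) for n in NAMES}
    for n in NAMES:
        print(f"{n}: router={sorted(router[n])} trusted={sorted(trusted[n])}")
    bad = disagreeing_names(router, trusted)
    print("possible DNS hijack for:", bad if bad else "none")
```

If a name is flagged, confirm it before calling it a hijack: open the address the router returned over HTTPS and look at the certificate, or repeat the query against a second public resolver. Remember that if the router is the only DNS server your computer knows about, the queries to the trusted resolver also leave through that router; a tampered router can intercept port 53 too, which is one more reason to treat a match as reassuring only when the device has already been replaced.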

THE FBI RECOMMENDS ( WORLDWIDE ):

You might have seen the headline: FBI wants you to reset your router.

This can only help in cases where your router was accessed because your login name and password leaked online or were cracked. Obviously, just resetting it does not guarantee that the hacker or hackers will not get back in: a factory reset restores the default settings (including the default password) but not the firmware, so change the administrative password straight away and make sure remote administration from the Internet side is switched off.

Note: The journey ended on the 26th of October.
