FBI sinkholes a key domain used by the malware that infected 500,000 home routers, declares partial victory and Russian attribution

Originally published at: https://boingboing.net/2018/05/24/whew-i-think.html

1 Like

Hmmmm… I just went to http://toknowall.com and it does not appear to be “sinkholed”. There appears to be a server there, and it responds with the following:

HTTP/1.1 200 OK
Date: Thu, 24 May 2018 16:24:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=da9a23fd0f95a79d4c0d3d57949cf95841527179057; expires=Fri, 24-May-19 16:24:17 GMT; path=/; domain=.toknowall.com; HttpOnly
Last-Modified: Tue, 22 May 2018 20:26:38 GMT
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 42011c9423fb8d2f-PDX

OK

So I am concerned that the suggested patch (reboot your router now) will be ineffective.

2 Likes

Oops! I missed this bit in the headers:

Server: cloudflare

So the server may well be down but its Cloudflare service is still delivering cached pages.

3 Likes
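The two posts above describe the right check (fetch the domain, read the response) and the right caveat (a `Server: cloudflare` reply comes from a CDN edge, which may be serving a cached copy of a page whose origin is gone). The script below is an added example, not code posted by anyone in this thread: it parses a raw HTTP/1.1 response and reports whether a Cloudflare edge answered and whether that edge actually reached the origin for this request, using Cloudflare's documented CF-Cache-Status values and the standard Age header. The first sample is the response quoted in the thread reassembled with CRLFs; CACHED_HIT_RESPONSE and DIRECT_RESPONSE are constructed for contrast, and the function names are this example's own.

```python
"""Does a captured HTTP response show that the origin host was reached?

Added example (not from the thread). Assumptions: Cloudflare's documented
CF-Cache-Status values; the RFC 7234 Age header; sample responses are constructed.
"""
from dataclasses import dataclass, field
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample 1: the response quoted in the thread, with CRLF line ends.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 24 May 2018 16:24:17 GMT\r\n"
    "Content-Type: text/html\r\n"
    "Transfer-Encoding: chunked\r\n"
    "Connection: keep-alive\r\n"
    "Set-Cookie: __cfduid=da9a23fd0f95a79d4c0d3d57949cf95841527179057; "
    "expires=Fri, 24-May-19 16:24:17 GMT; path=/; domain=.toknowall.com; HttpOnly\r\n"
    "Last-Modified: Tue, 22 May 2018 20:26:38 GMT\r\n"
    "Accept-Ranges: bytes\r\n"
    "Server: cloudflare\r\n"
    "CF-RAY: 42011c9423fb8d2f-PDX\r\n"
    "\r\n"
    "OK"
)
# Constructed sample 2: an edge serving a cached copy (no origin round-trip).
CACHED_HIT_RESPONSE = (
    "HTTP/1.1 200 OK\r\nDate: Thu, 24 May 2018 17:00:00 GMT\r\n"
    "Server: cloudflare\r\nCF-RAY: 0000000000000000-PDX\r\n"
    "CF-Cache-Status: HIT\r\nAge: 3600\r\n\r\nOK"
)
# Constructed sample 3: a plain web server answering directly, no CDN in front.
DIRECT_RESPONSE = (
    "HTTP/1.1 200 OK\r\nDate: Thu, 24 May 2018 17:00:00 GMT\r\n"
    "Server: nginx\r\nContent-Length: 2\r\n\r\nOK"
)

# Any of these headers means a Cloudflare edge answered, not the origin itself.
CLOUDFLARE_MARKERS = ("cf-ray", "cf-cache-status")
# CF-Cache-Status values meaning the edge fetched from the origin on this request.
ORIGIN_CONTACTED = {"MISS", "EXPIRED", "BYPASS", "DYNAMIC", "REVALIDATED"}
# Values meaning the edge answered from its cache without touching the origin.
SERVED_FROM_CACHE = {"HIT", "STALE", "UPDATING"}


@dataclass
class Verdict:
    status: int
    via_cdn: bool
    cache_status: Optional[str]
    age_seconds: Optional[int]
    stale_by_seconds: Optional[int]  # Date minus Last-Modified, when both present
    origin_reached: bool             # did this request provably hit the origin?
    notes: List[str] = field(default_factory=list)


def parse_response(raw: str) -> Tuple[int, Dict[str, str], str]:
    """Split a raw response into (status code, lowercase-keyed headers, body).

    Repeated headers are joined with ', '; chunked bodies are not decoded.
    """
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no end-of-headers marker")
    lines = head.split("\r\n")
    version, status, *_ = lines[0].split(" ", 2)
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # first colon only; values may contain ':'
        key, value = name.strip().lower(), value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return int(status), headers, body


def assess(raw: str) -> Verdict:
    """Classify one response: direct answer, edge-fetched, cached, or unknown."""
    status, headers, _ = parse_response(raw)
    notes: List[str] = []
    via_cdn = headers.get("server", "").lower() == "cloudflare" or any(
        marker in headers for marker in CLOUDFLARE_MARKERS
    )
    cache_status = headers.get("cf-cache-status")
    cache_status = cache_status.upper() if cache_status else None
    age = int(headers["age"]) if headers.get("age", "").isdigit() else None
    stale = None
    if "date" in headers and "last-modified" in headers:
        delta = parsedate_to_datetime(headers["date"]) - parsedate_to_datetime(headers["last-modified"])
        stale = int(delta.total_seconds())

    if not 200 <= status < 300:
        reached, note = False, f"status {status}: no evidence of a working origin"
    elif not via_cdn:
        reached, note = True, "answered directly by the host the name resolves to"
    elif cache_status in ORIGIN_CONTACTED:
        reached, note = True, f"CF-Cache-Status {cache_status}: edge fetched from origin"
    elif cache_status in SERVED_FROM_CACHE or (age is not None and age > 0):
        reached, note = False, "served from the edge cache; the origin may be down"
    else:
        reached, note = False, "Cloudflare edge answered with no cache indicator; origin state unknown"
    notes.append(note)
    return Verdict(status, via_cdn, cache_status, age, stale, reached, notes)


if __name__ == "__main__":
    for label, raw in (("quoted", SAMPLE_RESPONSE), ("cached", CACHED_HIT_RESPONSE), ("direct", DIRECT_RESPONSE)):
        v = assess(raw)
        print(f"{label}: origin_reached={v.origin_reached}; {'; '.join(v.notes)}")
```

Run against the quoted response it reports `origin_reached=False` with the "no cache indicator" note: the edge gave a 200 and a Last-Modified two days older than Date, but nothing in the headers says whether it talked to the origin, so the reply neither proves nor disproves that the server behind toknowall.com is up. Even an `origin_reached=True` result only shows that something answers behind the name; whether that something is the original operator's host or a sinkhole is a question of what the name now resolves to, which needs a DNS lookup rather than an HTTP fetch.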

Yeah, provider caching may keep things alive for a little bit as well, but I suspect the worm has been nerfed. Another bullet dodged.

This topic was automatically closed after 5 days. New replies are no longer allowed.