NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

WTMorgan's avatar
WTMorgan
Tutor
Dec 02, 2017
Solved

Scam "Firmware Update" email - 12/01/2017

On 12/01/17, I received an email titled "Important Security Update from NETGEAR", sent from "<security@e.netgear.com>". It directed me to visit netgear.com/support to obtain a download of a new firm...
Security
  • IrvSp's avatar
    IrvSp
    Dec 02, 2017

    Yes, you got the RIGHT thing, the ZIP file with 2 files in it:

     

    K:\Inet DL\R7000-V1.0.9.14_1.2.25>dir
     Volume in drive K is Disk_K
     Volume Serial Number is 0F0B-10C0

     Directory of K:\Inet DL\R7000-V1.0.9.14_1.2.25

    12/01/2017  03:45 PM    <DIR>          .
    12/01/2017  03:45 PM    <DIR>          ..
    11/08/2017  10:31 PM        30,859,322 R7000-V1.0.9.14_1.2.25.chk
    12/01/2017  04:03 AM             2,894 R7000-V1.0.9.14_1.2.25_Release_Notes.html

     

    The reason Windows calls a file with an extension of .chk a "recovered file fragments" is because when CHKDSK finds file problems it creates a file with that extension.

     

    It is ALSO a file extension NetGear uses for it flashes.

     

    All you need do is open the browser to the Router, go to the Advanced tab -> Administration -> Router Update and browse for that .chk file and UPLOAD it.

     

    Alternatively from that same page you could CHECK for a new version, but sometimes it takes a few days after release for that to work and be able to get the new flash for you.

     

    There is no way to click on that file and have it do the update, only the process above.

WTMorgan's avatar
WTMorgan
Tutor
Dec 02, 2017

Yep, the "blast" outfit checks out (it is, as you point out, just a mass-mailing outfit), but I'm now puzzled as to why Malwarebytes blocked the linked site. 

Yeah, I didnt really need to formally logon to netgear, but was just trying to be careful - and I never use common credentials across sites.

Thanks again for your help in addressing my concerns! Truly appreciated!

 

IrvSp's avatar
IrvSp
Master
Dec 02, 2017
WTMorgan wrote:

but I'm now puzzled as to why Malwarebytes blocked the linked site. 


Well it could have been a spam site. Don't forget, what you see in an e-mail client as a link isn't always the true link you will go to. You'd have to look either at the status line when the mouse is over the link if your e-mail client has one otherwise the e-mail source to determine if the link shown is the same you would go to.

 

Also possible it was the first time you went to that particular site (or in the case of the d/l it is NEW and Malware detected it) and Malware was warning you? Hard to say without more details. Malware might also have a log that would add more info why it did that?