Windows 10: FBI recommends to reboot routers to kill VPNFilter malware

  1. Brink
    Posts : 33,245
    64-bit Windows 10 Pro build 18262
       26 May 2018 #1

    FBI recommends to reboot routers to kill VPNFilter malware


    FOREIGN CYBER ACTORS TARGET HOME AND OFFICE ROUTERS AND NETWORKED DEVICES WORLDWIDE

    SUMMARY
    The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices. Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide. The actors used VPNFilter malware to target small office and home office routers. The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.

    TECHNICAL DETAILS
    The size and scope of the infrastructure impacted by VPNFilter malware is significant. The malware targets routers produced by several manufacturers and network-attached storage devices by at least one manufacturer. The initial infection vector for this malware is currently unknown.

    THREAT
    VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router. Detection and analysis of the malware’s network activity is complicated by its use of encryption and misattributable networks.

    DEFENSE
    The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.

    Authorities and researchers still don’t know for certain how compromised devices are initially infected. They suspect the attackers exploited known vulnerabilities and default passwords that end users had yet to patch or change. That uncertainty is likely driving the advice in the FBI statement that all router and NAS users reboot, rather than only users of the 14 models known to be affected by VPNFilter, which are:

    • Linksys E1200
    • Linksys E2500
    • Linksys WRVS4400N
    • Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
    • Netgear DGN2200
    • Netgear R6400
    • Netgear R7000
    • Netgear R8000
    • Netgear WNR1000
    • Netgear WNR2000
    • QNAP TS251
    • QNAP TS439 Pro
    • Other QNAP NAS devices running QTS software
    • TP-Link R600VPN


  2.    06 Jun 2018 #1

    FROM RUSSIA WITH LOVE —

    VPNFilter malware infecting 500,000 devices is worse than we thought

    Malware tied to Russia can attack connected computers and downgrade HTTPS.
    source: Ars Technica Article

    Ruh-roh. I retired 2 routers due to this attack and now . . .

  3.    07 Jun 2018 #2

    Oh dear! Does anyone know if Virgin Media Superhubs are vulnerable to this? It's not possible for users to update the firmware on these since firmware is updated automatically by Virgin Media.

  4. Cliff S
    Posts : 21,755
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       07 Jun 2018 #3

    The list just got a lot bigger: VPNFilter Can Also Infect ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE Devices

    Below is the updated list of routers and NAS devices targeted by the VPNFilter malware. Cisco said last month that VPNFilter does not use zero days to infect devices, meaning all the listed models are vulnerable via exploits against older firmware releases, and updating to the latest firmware version keeps devices out of the malware's reach. If users can't update their router's firmware, can't update to a new router, but would still like to wipe the malware from their devices, instructions on how to safely remove the malware are available in this article.

    Removing VPNFilter from infected devices is quite a challenge, as this malware is one of two malware strains that can achieve boot persistence on SOHO routers and IoT devices. Furthermore, there are no visible signs that a router has been infected with this malware, so unless you can scan your router's firmware, even knowing you're infected is a challenge. The best advice we can give right now is to make sure you're running a router with up-to-date firmware.


    Asus Devices:
    RT-AC66U (new)
    RT-N10 (new)
    RT-N10E (new)
    RT-N10U (new)
    RT-N56U (new)
    RT-N66U (new)

    D-Link Devices:
    DES-1210-08P (new)
    DIR-300 (new)
    DIR-300A (new)
    DSR-250N (new)
    DSR-500N (new)
    DSR-1000 (new)
    DSR-1000N (new)

    Huawei Devices:
    HG8245 (new)

    Linksys Devices:
    E1200
    E2500
    E3000 (new)
    E3200 (new)
    E4200 (new)
    RV082 (new)
    WRVS4400N

    Mikrotik Devices: (Bug Fixed in RouterOS version 6.38.5)
    CCR1009 (new)
    CCR1016
    CCR1036
    CCR1072
    CRS109 (new)
    CRS112 (new)
    CRS125 (new)
    RB411 (new)
    RB450 (new)
    RB750 (new)
    RB911 (new)
    RB921 (new)
    RB941 (new)
    RB951 (new)
    RB952 (new)
    RB960 (new)
    RB962 (new)
    RB1100 (new)
    RB1200 (new)
    RB2011 (new)
    RB3011 (new)
    RB Groove (new)
    RB Omnitik (new)
    STX5 (new)

    Netgear Devices:
    DG834 (new)
    DGN1000 (new)
    DGN2200
    DGN3500 (new)
    FVS318N (new)
    MBRN3000 (new)
    R6400
    R7000
    R8000
    WNR1000
    WNR2000
    WNR2200 (new)
    WNR4000 (new)
    WNDR3700 (new)
    WNDR4000 (new)
    WNDR4300 (new)
    WNDR4300-TN (new)
    UTM50 (new)

    QNAP Devices:
    TS251
    TS439 Pro
    Other QNAP NAS devices running QTS software

    TP-Link Devices:
    R600VPN
    TL-WR741ND (new)
    TL-WR841N (new)

    Ubiquiti Devices:
    NSM2 (new)
    PBE M5 (new)

    UPVEL Devices:
    Unknown Models (new)

    ZTE Devices:
    ZXHN H108N (new)

  5. Wiley Coyote
    Posts : 924
    Windows 10 Home x64 Version 1809 (OS Build 17763.55)
       07 Jun 2018 #4

    This is not good @Cliff S but thanks for the update. I've been debating on a new Router and couldn't decide. Now I'm thinking it might be a good thing I've procrastinated about it. Surely new "protected" Hardware & Firmware will be out soon.

  6.    07 Jun 2018 #5

    I have read that same info on BleepingComputer. Worrisome to say the least.

    Luckily, I think I am not affected. Movistar in Spain is using two different optical fibre routers I don't recognize the brand. I don't see it in the list either. Anyway, it's a very good idea to be always up to date firmware-wise.

  7. f14tomcat
    Posts : 37,193
    Triple boot - Win 10 Pro, Win 10 Pro Insider (2) - (and a sprinkling of VMs)
       07 Jun 2018 #6

    My new Verizon router is not on that list. yet.....................