VPNFilter Malware Has Killswitch For Routers

     
7:15 pm on May 24, 2018 (gmt 0)

Administrator from GB 

engine

joined:May 9, 2000
posts:25376
votes: 707


According to Cisco's Talos Intelligence Group, there's malware, which they've dubbed VPNFilter, that has infected more than 500,000 routers in 54 countries.

The malware, which the security researchers are calling VPNFilter, contains a killswitch for routers, can steal logins and passwords, and can monitor industrial control systems.
VPNFilter Malware Has Killswitch For Routers [cnet.com]

"Quite anything is possible, this attack basically sets up a hidden network to allow an actor to attack the world from a stance that makes attribution quite difficult," Craig Williams, Talos' director, said in an email.


As with any of these things, it's possibly out-of-date firmware that's causing the problems, but the researchers indicate the following makes are affected: Linksys, MikroTik, Netgear and TP-Link.
1:17 am on May 25, 2018 (gmt 0)

Moderator from US 

keyplyr

joined:Sept 26, 2001
posts:11789
votes: 742


Looks like I'm safe, at least for the present.

At work I've got Qualcomm's 5g with WiFi Certified and at home I just picked up the latest Motorola 20 channel quad-band.

I once used Linksys and Netgear. They worked as intended but that was long before the high-end demand/capabilities of routers nowadays.
11:15 am on May 25, 2018 (gmt 0)

Administrator from GB 

engine

joined:May 9, 2000
posts:25376
votes: 707


I asked a few friends last evening when they last updated their router firmware. All said they never have. One asked if it was even a thing.

It's probably the forgotten hardware.
7:11 pm on May 25, 2018 (gmt 0)

Senior Member

aristotle

joined:Aug 4, 2008
posts:3381
votes: 270


Looks like the U.S. FBI has shut down the master server:

FBI seizes domain Russia allegedly used to infect 500,000 consumer routers [arstechnica.com]
7:15 pm on May 25, 2018 (gmt 0)

Moderator from US 

keyplyr

joined:Sept 26, 2001
posts:11789
votes: 742


That's true, engine... and most routers don't run anti virus/malware getting updates.

Both my routers are higher-end so they have lots of controls on their web facing account pages, but once installed & preferences set, I've never gone back to maintain them... my bad.

For a few years now I've been reading about hacks targeted at routers. They're the target no one watches and I've read that many botnets are run from ISP customers' routers undetected.
4:06 pm on May 30, 2018 (gmt 0)

Administrator from GB 

engine

joined:May 9, 2000
posts:25376
votes: 707


Interestingly, the FBI issued a PSA for users to reboot their routers with the aim of disrupting the malware. It goes on to recommend updating the firmware.

[ic3.gov...]