VPNFilter Router Malware a Big-Sized IoT Botnet

Initially, VPNFilter was known to affect at least 15 to 20 home or SOHO router and NAS models made by Linksys, MikroTik, Netgear, TP-Link, and QNAP; the list has now been expanded to include at least another 56 models from Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.

Talos compiled this information by identifying the models on which VPNFilter has been detected, but noted that with at least 500,000 affected devices, and probably more, the list is unlikely to be complete.

The updated alert confirms that VPNFilter is capable of man-in-the-middle interception of HTTP/S web traffic, something SophosLabs' own analysis of the malware had concluded was highly likely. This means it can not only manipulate traffic and harvest information but also deliver exploits to devices on the network.

Home routers are an attractive target, but malware that infects so many of them at once is relatively rare. The last home router scare of this multi-vendor magnitude was probably DNSChanger, which first emerged in 2007 and took years for anyone to notice.

Given that VPNFilter is resilient and there is no simple way to detect it, the safest course is for anyone with a home router from one of the affected vendors to take precautions immediately.

What about precautions?

The chances of VPNFilter infecting any particular router are low, given the number of infections detected by Talos relative to the very large number of home routers in use. However, it’s still a good idea to work through the steps below.

First, power off your router. Some VPNFilter components can reportedly survive a reboot and re-establish the infection, so the only reliable option is a full reset to factory state.

Then connect to the router over a wired connection. There are two ways to do the reset: with the router still connected to the internet, or, for extra security, with it disconnected. If you choose the second option, download the latest firmware image manually before you start.

If you choose the more straightforward option of resetting while connected to the internet, the router will walk you through setting up a new internet connection. Then do the following:

1- Update to the latest firmware version.

This is a critical part of the puzzle, because routers are regularly found to have security vulnerabilities that need patching on an ongoing basis.

2- Reinstate router settings from a backup configuration file.

If you saved a backup of the settings before the reset, restoring it spares you reconfiguring everything manually from scratch.

This is also the right time to change the router's username and password. Then check whether any of the following are enabled and switch off the ones you have no need for:

  • Port forwarding
  • Remote web admin
  • Unused services such as Telnet, Ping, FTP, SMB, UPnP, WPS, and remote access to NAS.
  • Turn on logging – this might provide clues of future infection.
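A quick way to see which of the services in that list actually answer on your router is to try a TCP connection to each of them from a machine on the LAN. The script below is an added example, not code from the post or from any of the named vendors. It assumes a gateway address of 192.168.1.1 (pass your own as the first argument) and assumes the conventional port numbers for FTP, Telnet, SMB and the web admin interface; Ping, WPS and UPnP discovery are not plain TCP listeners, so they are out of scope here.

```python
import socket
import sys

# Services the post lists as candidates for switching off, with the TCP ports
# they conventionally listen on. These port numbers are assumptions about a
# typical home router, not something the post states; check your own model's
# documentation. Ping (ICMP), WPS (a Wi-Fi feature) and UPnP discovery (SSDP
# over UDP 1900) are not plain TCP listeners, so this check does not cover them.
DEFAULT_SERVICE_PORTS = {
    "ftp": 21,
    "telnet": 23,
    "smb": 445,
    "http-admin": 80,
    "https-admin": 443,
}


def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except OSError:
            # refused, timed out or unreachable: treat as not listening
            return False
        return True


def audit_router(host, service_ports=None, timeout=1.0):
    """Return the names of services that answer on the router, in dict order.

    Anything returned here that you do not actively use is a candidate for
    disabling in the router's admin interface.
    """
    ports = service_ports if service_ports is not None else DEFAULT_SERVICE_PORTS
    return [name for name, port in ports.items() if port_open(host, port, timeout)]


def start_fake_service(host="127.0.0.1"):
    """Open a throwaway listening socket that stands in for an exposed service.

    Only used to exercise audit_router() offline; returns (socket, port).
    The kernel completes the TCP handshake from the listen backlog, so no
    accept loop is needed for a connect check to succeed.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))  # port 0: let the OS pick a free ephemeral port
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Assumed LAN address of the router; pass your gateway IP as the argument.
    gateway = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    exposed = audit_router(gateway)
    if exposed:
        print(f"{gateway} answers on: {', '.join(exposed)} (disable what you do not use)")
    else:
        print(f"{gateway} answers on none of the checked service ports")
```

Run it from a wired or wireless client inside your own network. Note that this only shows the LAN-side view: whether remote web admin is reachable from the internet side is something you confirm in the router's settings, not with this script. Comparing the output before and after you switch services off is a simple way to verify the change took effect, and the router's own log (once logging is on) is where any later surprises will show up.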
