Is your router affected? Cisco’s Talos has released additional details regarding VPNFilter, including a longer list of affected routers and possible attacks. In a follow up post, Cisco’s Talos has discovered “a new stage 3 module that injects malicious content into web traffic as it passes through a network device.” Better known as a “man-in-the-middle” attack, this means that the bad guys can use this vulnerability to intercept network traffic and inject malicious code without the user’s knowledge.
That means a hacker can manipulate what you see on your screen while still performing malicious tasks on your screen. As Craig Williams, a senior technology leader and global outreach manager at Talos, explained, “They can modify your bank account balance so that it looks normal while at the same time they’re siphoning off money and potentially PGP keys and things like that. They can manipulate everything going in and out of the device.”
That is a much greater threat than what was initially feared. Symantec released the following list of routers and NAS devices known to be susceptible to VPNFilter. Some are popular affordable models, and one (the Netgear WNR1000) is provided to Comcast customers in some circumstances.
Affected Routers:
- Linksys E1200
- Linksys E2500
- Linksys WRVS4400N
- Mikrotik Router OS for Cloud Core Routers: Versions 1016, 1036, and 1072
- Netgear DGN2200
- Netgear R6400
- Netgear R7000
- Netgear R8000
- Netgear WNR1000
- Netgear WNR2000
- QNAP TS251
- QNAP TS439 Pro
- Other QNAP NAS devices running QTS software
- TP-Link R600VPN
In the first week of June, Cisco issued a warning that the threat goes beyond even those models and includes a wider swath of routers manufactured by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. So once again: The FBI and Cisco suggest that we all reboot our routers, even if it is not on this list. Rebooting your router eradicates what Cisco calls the “Stage 2” and “Stage 3” elements of VPNFilter — the destructive part of the malware.
What makes VPNFilter so sophisticated is its “Stage 1” element, which can persist even through a reboot and then contact the hackers to reinstall the other stages of the malware.
The only way to fully remove the malware is by performing a factory reset of your router and updating it to the latest firmware revision available, which will protect against known vulnerabilities. It is a complicated procedure that will require you to reconfigure your network settings, but we would recommend doing it if your router is on the list of devices known to be vulnerable to VPNFilter.
The FBI and some hardware makers also recommend disabling remote management features on your router, which are off by default in most cases. You will also want to change your router’s default login credentials, swapping in a strong, and unique password — not one that you may use for any other websites or services. The exact procedure for resetting a router can vary, if you need help please contact the techs here at Frankenstein Computers and Networking.
Adapted from an article on pcworld.com
Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, IT Service, MAC repair, PC Repair, Virus Removal, web design and much more. Give us a call for remote support or drop in to drop off.