VPNFilter Infecting Thousands of Devices – More than Expected!

By Mel Khamlichi (http://www.osradar.com), founder of Osradar, from Amsterdam, Netherlands

VPNFilter is one of the nastiest pieces of malware in history designed specifically to infect routers. It can steal data, carries a “kill switch” that can destroy the router on command, and stays on the device even after a reboot. The Russian group “Fancy Bear” is suspected of releasing this beast into the wild.

Here’s a short summary of how VPNFilter works.

More devices prone to infection

Now we know more shocking news about its hidden power! According to the Cisco Talos security team, the malware is also able to infect devices from UPVEL, Ubiquiti, D-Link, ASUS, ZTE and Huawei! With this discovery, the total number of vulnerable device models has gone straight up from 16 to 71, with the possibility of more to come.

In the meantime, the malware is spreading really fast, with 500,000+ confirmed infected routers and NAS devices across 54 countries.

VPNFilter plugins

In addition, researchers discovered new abilities of the VPNFilter malware. These enhancements come as third-stage plugins, part of the malware’s tri-stage deployment system.

Here are the 4 plugins known to date.

  • ssler – Intercepts and modifies web traffic on port 80 using a man-in-the-middle attack. It’s also able to downgrade traffic from HTTPS to HTTP.
  • dstr – Overwrites the device’s firmware files.
  • ps – Sniffs network packets and identifies certain types of network traffic. According to Cisco, this plugin looks for Modbus TCP/IP packets, often used by SCADA equipment and industrial software. The latest report also claims that it looks for industrial equipment connecting over a TP-Link R600 virtual private network.
  • tor – VPNFilter uses this plugin to communicate with a “command & control” server via the Tor network.

How to stay secure

There are several steps that you can take to keep your device secure. However, rebooting your device isn’t enough anymore.

First of all, change the default username and password of the router’s access page. You also have to upgrade your device’s firmware to the latest possible version. Disable remote administration in your router’s settings. It’s also recommended to reset your router to factory defaults, but be careful, as restoring the router’s previous settings afterwards can be painful for general users.

To perform these actions, follow the instructions on your router manufacturer’s page. In the future, better routers are going to come out that can fight against VPNFilter. Moreover, those will come with WPA3 as the default protocol. Learn more about WPA3.
