
05 Jun VPNFilter Malware: What is it, and are you protected?
Image Credit
About a week ago, reports from the FBI of a new type of malware surfaced. This new malware is now known as VPNFilter, and targets routers, rather than pc’s or servers.
Routers, as you may or may not know, are a network hub or gateway through which every computer in your home or workplace is connected which enables them to connect to the internet. Essentially, VPNFilter infects the router directly and “sniffs” or tracks all of the web traffic going through the router, and, if given a command from whoever is controlling the malware, can “brick” or lock up your router making it completely unusable.
While the malware sounds scary, there is good news! Only certain models of routers have been identified as being vulnerable to VPNFilter. Here at SOS|Support, security is a top priority, and because of this we highly encourage all of our clients to use Dell SonicWALLs, which take the place of a traditional router. Soon after the VPNFilter news broke, the folks over at SonicWALL released this statement, to let us know that SonicWALL’s have not been affected by, and are not vulnerable to the VPNFilter malware.
For everyone who does not have a SonicWALL, the following list of routers are those that have been identified as vulnerable:
Linksys E1200
Linksys E2500
Linksys WRVS4400N
Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
Netgear DGN2200
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN
If you have any of these routers in your home or office, the FBI has instructed that you reboot the router as soon as you can by simply unplugging the router for 30 seconds and then plugging it back in. VPNFilter is a “multi-stage” form of malware, meaning that it works in pieces, and rebooting the router can disrupt the process of the malware installation. We also strongly suggest that you check the username and password on your home routers to ensure that a unique username and password are used. If you have any issues or want help with this, please don’t hesitate to contact SOS Support!
If you have not yet had us install a SonicWALL in your home network or small business, we highly encourage it! This is just one of countless examples of the benefits of the upgraded security that a SonicWALL provides!
6/7/2018 Update:
Per TomsGuide, here is an updated list of affected Routers:
Asus RT-AC66U
Asus RT-N10
Asus RT-N10E
Asus RT-N10U
Asus RT-N56U
Asus RT-N66U
D-Link DES-1210-08P
D-Link DIR-300
D-Link DIR-300A
D-Link DSR-250N
D-Link DSR-500N
D-Link DSR-1000
D-Link DSR-1000N
D-Link support page specifically for VPNFilter
Huawei HG8245
Unofficial reset instructions; we couldn’t find the firmware
Linksys E1200
Linksys E2500
Linksys E3000
Linksys E3200
Linksys E4200
Linksys RV082
Linksys WRVS4400N
MikroTik CCR1009
MikroTik CCR1016
MikroTik CCR1036
MikroTik CCR1072
MikroTik CRS109
MikroTik CRS112
MikroTik CRS125
MikroTik RB411
MikroTik RB450
MikroTik RB750
MikroTik RB911
MikroTik RB921
MikroTik RB941
MikroTik RB951
MikroTik RB952
MikroTik RB960
MikroTik RB962
MikroTik RB1100
MikroTik RB1200
MikroTik RB2011
MikroTik RB3011
MikroTik RB Groove
MikroTik RB Omnitik
MikroTik STX5
MicroTik support page, which is pretty confusing
Netgear DG834
Netgear DGN1000
Netgear DGN2200
Netgear DGN3500
Netgear FVS318N
Netgear MBRN3000
Netgear R6400
Netgear R7000
Netgear R8000
Netgear WNR1000
Netgear WNR2000
Netgear WNR2200
Netgear WNR4000
Netgear WNDR3700
Netgear WNDR4000
Netgear WNDR4300
Netgear WNDR4300-TN
Netgear UTM50
QNAP TS251
QNAP TS439 Pro
Other QNAP NAS devices running QTS software
TP-Link R600VPN
TP-Link TL-WR741ND
TP-Link TL-WR841N
Ubiquiti NSM2
Ubiquiti PBE M5
Ubiquiti firmware and documentation
Upvel — unknown models
Upvel firmware downloads (in Russian)
ZTE Devices ZXHN H108N