{"id":263487,"date":"2018-06-07T09:30:16","date_gmt":"2018-06-07T07:30:16","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=263487"},"modified":"2018-06-07T09:53:42","modified_gmt":"2018-06-07T07:53:42","slug":"all-the-routers-affected-by-vpnfilter-malware","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/263487-all-the-routers-affected-by-vpnfilter-malware.html","title":{"rendered":"All the routers affected by VPNFilter malware"},"content":{"rendered":"

In May,\u00a0Symantec warned<\/strong><\/a> about new malware, known as VPNFilter, which targets routers and network-attached storage devices.<\/p>\n

VPNFilter can knock out and kill infected devices, and unlike most IoT threats, it can survive a reboot.<\/p>\n

VPNFilter has various malicious capabilities, which include spying on traffic routed through the device.<\/p>\n

\u201cIts creators appear to have a particular interest in SCADA industrial control systems, creating a module which specifically intercepts Modbus SCADA communications,\u201d said Symantec.<\/p>\n

Good news is that the malware does not appear to scan and indiscriminately infect every vulnerable device.<\/p>\n

\n

VPNFilter<\/h3>\n

Cisco Talos recently discovered<\/strong><\/a> that VPNFilter was targeting more routers and NAS devices than initially thought, and has additional capabilities.<\/p>\n

It said VPNFilter is capable of infecting enterprise and small office and home office routers from ASUS, D-Link, Huawei, Linksys, MikroTik, Netgear, TP-Link, Ubiquiti, Upvel, and ZTE.<\/p>\n

The malware can also infect and make it possible to attack QNAP NAS devices.<\/p>\n

\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Devices affected by VPNFilter<\/strong><\/span><\/td>\n<\/tr>\n
ASUS<\/td>\nD-Link<\/strong><\/td>\nLinksys<\/strong><\/td>\nTP-Link<\/strong><\/td>\n<\/tr>\n
ASUS RT-AC66U<\/td>\nD-Link DES-1210-08P<\/td>\nLinksys E1200<\/td>\nTP-Link R600VPN<\/td>\n<\/tr>\n
ASUS RT-N10<\/td>\nD-Link DIR-300<\/td>\nLinksys E2500<\/td>\nTP-Link TL-WR741ND<\/td>\n<\/tr>\n
ASUS RT-N10E<\/td>\nD-Link DIR-300A<\/td>\nLinksys E3000<\/td>\nTP-Link TL-WR841N<\/td>\n<\/tr>\n
ASUS RT-N10U<\/td>\nD-Link DSR-250N<\/td>\nLinksys E3200<\/td>\n<\/td>\n<\/tr>\n
ASUS RT-N56U<\/td>\nD-Link DSR-500N<\/td>\nLinksys E4200<\/td>\nHuawei<\/strong><\/td>\n<\/tr>\n
ASUS RT-N66U<\/td>\nD-Link DSR-1000<\/td>\nLinksys RV082<\/td>\nHuawei HG8245<\/td>\n<\/tr>\n
<\/td>\nD-Link DSR-1000N<\/td>\nLinksys WRVS4400N<\/td>\n<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n
Ubiquiti<\/strong><\/td>\nZTE<\/strong><\/td>\nUpvel<\/strong><\/td>\nQNAP<\/strong><\/td>\n<\/tr>\n
Ubiquiti NSM2<\/td>\nZTE Devices ZXHN H108N<\/td>\nUpvel Devices – unknown models<\/td>\nQNAP TS251<\/td>\n<\/tr>\n
Ubiquiti PBE M5<\/td>\n<\/td>\nQNAP TS439 Pro<\/td>\n<\/tr>\n
<\/td>\nOther QNAP NAS devices running QTS software<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n
MikroTik<\/strong><\/td>\nNetgear<\/strong><\/td>\n<\/tr>\n
MikroTik CCR1009<\/td>\nMikroTik CCR1016<\/td>\nNetgear DG834<\/td>\nNetgear DGN1000<\/td>\n<\/tr>\n
MikroTik CCR1036<\/td>\nMikroTik CCR1072<\/td>\nNetgear DGN2200<\/td>\nNetgear DGN3500<\/td>\n<\/tr>\n
MikroTik CRS109<\/td>\nMikroTik CRS112<\/td>\nNetgear FVS318N<\/td>\nNetgear MBRN3000<\/td>\n<\/tr>\n
MikroTik CRS125<\/td>\nMikroTik RB411<\/td>\nNetgear R6400<\/td>\nNetgear R7000<\/td>\n<\/tr>\n
MikroTik RB450<\/td>\nMikroTik RB750<\/td>\nNetgear R8000<\/td>\nNetgear WNR1000<\/td>\n<\/tr>\n
MikroTik RB911<\/td>\nMikroTik RB921<\/td>\nNetgear WNR2000<\/td>\nNetgear WNR2200<\/td>\n<\/tr>\n
MikroTik RB941<\/td>\nMikroTik RB951<\/td>\nNetgear WNR4000<\/td>\nNetgear WNDR3700<\/td>\n<\/tr>\n
MikroTik RB952<\/td>\nMikroTik RB960<\/td>\nNetgear WNDR4000<\/td>\nNetgear WNDR4300<\/td>\n<\/tr>\n
MikroTik RB962<\/td>\nMikroTik RB1100<\/td>\nNetgear WNDR4300-TN<\/td>\nNetgear UTM50<\/td>\n<\/tr>\n
MikroTik RB1200<\/td>\nMikroTik RB2011<\/td>\n<\/td>\n<\/tr>\n
MikroTik RB3011<\/td>\nMikroTik RB Groove<\/td>\n<\/td>\n<\/tr>\n
MikroTik RB Omnitik<\/td>\nMikroTik STX5<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n
\n

What owners should do<\/h3>\n

If you own one of these devices, you should immediately reboot it. This will temporarily remove the destructive component of VPNFilter.<\/p>\n

However, if infected, the continuing presence of the malware means the full VPNFilter can be reinstalled by attackers.<\/p>\n

Performing a hard reset of the device, which restores factory settings, should wipe it clean and remove all traces of the malware.<\/p>\n

Users should also apply the latest available patches to affected devices and ensure that none use default credentials.<\/p>\n

Netgear advised its customers to change default passwords and ensure that remote management is turned off.<\/p>\n

\n

Now read:\u00a0How South African comedians lost R300,000 in email scam<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"

VPNFilter can infect routers from multiple brands.<\/p>\n","protected":false},"author":23,"featured_media":152621,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[37629,411,51451],"class_list":["post-263487","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cisco-talos","tag-symantec","tag-vpnfilter"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/263487"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=263487"}],"version-history":[{"count":2,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/263487\/revisions"}],"predecessor-version":[{"id":263531,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/263487\/revisions\/263531"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/152621"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=263487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=263487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=263487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}