VPNFilter router malware is worse than first thought, affects more devices

midian182 (staff member)
Bottom line: Remember VPNFilter, the multi-stage router malware that was discovered last month? Cisco Talos estimated it had infected at least 500,000 devices in 54 countries, which led the FBI to recommend that all users reboot their routers. As bad as that sounds, VPNFilter turns out to be even worse than people thought.

We already knew that the malware, which US authorities have attributed to Russian state-sponsored actors, can collect data, infect other devices, steal credentials, and even brick a router by overwriting a critical portion of its firmware. Cisco Talos has now identified a new stage 3 module, which it calls ssler, that performs SSL stripping: it intercepts web traffic passing through the router on port 80 and rewrites the HTTPS links in the pages it relays to plain HTTP, so that data the user believes is encrypted travels in the clear and can be harvested.

Because the module sits in the middle of that traffic, it can also inject malicious content into the pages it relays. That turns the router into a launch point for attacks on the devices behind it, including PCs on the same local network, which never have to be reachable from the internet to be compromised.
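The downgrade described above is classic SSL stripping, and it works because a browser's first request to a site often leaves the machine as plain HTTP, which the router can read and rewrite. The following Python is an added illustration written for this page, not code from Talos, from the malware, or from any vendor: it simulates the rewrite on a constructed sample page (the host bank.example is hypothetical), shows a canary check that compares the page seen through a suspect router with the same page fetched over a link you trust, and models how a client that remembers Strict-Transport-Security upgrades the request before it is sent, so there is nothing in the clear for an on-path stripper to rewrite.

```python
import re

# Constructed sample of a login page as the real origin serves it.
# Not captured from any real site; bank.example is a hypothetical host.
ORIGIN_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}
ORIGIN_BODY = (
    '<html><body>'
    '<a href="https://bank.example/account">My account</a>'
    '<form action="https://bank.example/login" method="post">'
    '<input name="user"><input name="pass" type="password"></form>'
    '</body></html>'
)

HSTS = "strict-transport-security"


def strip_tls(headers, body):
    """Rewrite a plaintext HTTP response the way an on-path SSL stripper does:
    every https:// link becomes http:// and the HSTS header is dropped so the
    browser never learns the host is HTTPS-only. Illustration of the
    technique only, not the malware's own code."""
    kept = {k: v for k, v in headers.items() if k.lower() != HSTS}
    return kept, re.sub(r"(?i)https://", "http://", body)


def downgrade_indicators(clean_headers, clean_body, seen_headers, seen_body):
    """Canary check: compare a page fetched from a trusted vantage point with
    the same page as seen through the suspect router and report the classic
    stripping fingerprints. Returns a list of findings; empty means no sign
    of tampering in these three checks."""
    findings = []
    clean_https = clean_body.lower().count("https://")
    seen_https = seen_body.lower().count("https://")
    if clean_https and seen_https < clean_https:
        findings.append(
            f"{clean_https - seen_https} https:// link(s) rewritten to http://")
    clean_keys = {k.lower() for k in clean_headers}
    seen_keys = {k.lower() for k in seen_headers}
    if HSTS in clean_keys and HSTS not in seen_keys:
        findings.append("Strict-Transport-Security header removed")
    # A password field inside a form whose action is now plain http:// means
    # the credentials would be posted in the clear through the router.
    if re.search(r'(?i)<form[^>]+action="http://[^"]*"[^>]*>.*?type="password"',
                 seen_body, re.S):
        findings.append("password form now posts over plain HTTP")
    return findings


class Browser:
    """Minimal client with an HSTS cache in the spirit of RFC 6797: a host
    known to be HTTPS-only is upgraded before the request leaves the machine,
    so a stripper on the router never sees a plaintext request to rewrite.
    Hosts passed as `preload` stand in for a browser's built-in preload list."""

    def __init__(self, preload=()):
        self.hsts_hosts = set(preload)

    def remember(self, host, scheme, headers):
        # The header is only honoured when it arrived over HTTPS; a stripper
        # controls plain-HTTP responses and could otherwise poison the cache.
        if scheme == "https" and HSTS in {k.lower() for k in headers}:
            self.hsts_hosts.add(host)

    def scheme_for(self, url):
        """Scheme the client will actually use for this navigation."""
        scheme, rest = url.split("://", 1)
        host = rest.split("/", 1)[0]
        return "https" if host in self.hsts_hosts else scheme


if __name__ == "__main__":
    seen_headers, seen_body = strip_tls(ORIGIN_HEADERS, ORIGIN_BODY)
    for finding in downgrade_indicators(ORIGIN_HEADERS, ORIGIN_BODY,
                                        seen_headers, seen_body):
        print("stripping indicator:", finding)
    first_visit, returning = Browser(), Browser()
    returning.remember("bank.example", "https", ORIGIN_HEADERS)
    print("first visit goes out as:", first_visit.scheme_for("http://bank.example/login"))
    print("returning visit goes out as:", returning.scheme_for("http://bank.example/login"))
```

The canary comparison is the practical check: fetch a page you know is served with HSTS over a link you trust (a mobile connection, for instance) and again through the home router, then diff the two with downgrade_indicators. The Browser class shows the flip side: a host the client already knows as HTTPS-only is never requested in the clear, which is why first visits and hosts absent from the preload list are where stripping bites, and why this module was aimed at the router rather than the endpoint.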

It appears that more routers are affected than previously thought, too. A handful of devices from Linksys, MikroTik, Netgear, QNAP, and TP-Link were originally said to be the only ones vulnerable, but it seems more models from these brands, along with routers from Asus, D-Link, Huawei, Ubiquiti, Upvel and ZTE, are also at risk. You can see the full list at the bottom of this page.

While VPNFilter is mostly targeting routers in Ukraine, suggesting a political motivation, owners of any listed model should act wherever they are. The reboot the FBI advised clears only the stage 2 and stage 3 modules; the stage 1 loader persists in flash and survives a reboot, so a factory reset is needed to remove it, followed by a firmware update and a new administrator password, since default credentials are one of the ways these devices were taken over in the first place.


 
Keep your firmware updated! In many cases this vulnerability was discovered last year and all it takes is a firmware update to fix the flaw.
 
The full list of targeted routers is attached
 

Attachment: VPNfilter-target-devices.txt (1.3 KB)

If so, it wouldn't have been an issue in the first place. Do you really think that a firmware update is going to fix things, when companies let this crap out the door? If you're always in catch and fix mode, there's little point to bothering.
 

Updating your equipment is not optional, it is mandatory. It is impossible to see all potential future flaws in hardware or software when the methods of attack have not yet been developed. Why do you think computer OS updates happen all of the time?
 
There is an engineering process called "Code Review" wherein every line of code is examined by team members, analyzed and edited as necessary for standards, style and security compliance. It's easily seen that reading is so time consuming that everyone and his dog will get to market before your "perfected code" ever sees daylight. Therefore, commercial code (as opposed to military/life support) rarely uses code reviews today.

It's also well established, after decades of development, that you can NOT test quality into a product; it comes from great design and standards.

Ergo: Bugs will always exist and must be resolved :sigh:
 