VPNFilter malware can infect more than 700,000 routers; learn how to protect yourself

Experts have issued a new alert about VPNFilter, malware that infects Internet routers to steal user passwords. According to researchers at Talos, Cisco's intelligence arm, the threat reaches more devices than initially expected, raising the estimate from 500,000 to about 700,000 victims worldwide.

An in-depth investigation has also revealed that the attack is even more sophisticated than previously thought. In addition to obtaining personal information, the malware can intercept Internet traffic and even modify bank pages. The FBI is investigating the problem and recommends that all users reset their routers. This Thursday (7), the Public Ministry also issued a statement urging all Brazilians to restart their devices. Learn all about the threat and see how to protect yourself.

Number of affected routers increases

Cisco initially showed that VPNFilter could only reach Linksys, Netgear, TP-Link and MikroTik routers. However, an update of the study points out that the number of affected models of these brands is even greater, and products from other manufacturers can also be hit. Experts added to the list routers manufactured by Asus, D-Link, Huawei, Ubiquiti and ZTE.

Routers Affected by VPNFilter

ASUS: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, RT-N66U
D-LINK: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, DSR-1000N
HUAWEI: HG8245
LINKSYS: E1200, E2500, E3000, E3200, E4200, RV082, WRVS4400N
MIKROTIK: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, STX5
NETGEAR: DG834, DGN1000, DGN2200, DGN3500, FVS318N, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000, WNDR4300, WNDR4300-TN, UTM50
UBIQUITI: NSM2, PBE M5
TP-LINK: R600VPN, TL-WR741ND, TL-WR841N
ZTE: ZXHN H108N

Source: Talos / Cisco

More sophistication

VPNFilter takes advantage of different security flaws in each targeted device to increase the number of victims, a feature considered rare in such malware. The attack exploits known vulnerabilities in outdated routers and opens the way to downloading other malicious packages.

The malware then begins to intercept communication between devices connected to the Wi-Fi network and the web, and forces pages to open over HTTP rather than HTTPS, the safer standard. When the malware manages to strip that protection, personal information, such as passwords and logins, is exposed and can be transferred to the criminals' servers.
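An added example, not from the original article or from Talos: one way to spot the HTTPS-to-HTTP downgrade described above is to compare a copy of a page fetched over a trusted connection with the copy received through the suspect router. The function names and the sample pages (bank.example, cdn.example) are assumptions made for illustration.

```python
# Added example: flag links that are https:// in a trusted copy of a page but
# http:// in the copy received through the suspect router. Sample data is constructed.
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes that carry navigation or form targets


class UrlCollector(HTMLParser):
    """Collect (tag, attribute, url) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.append((tag, name, value.strip()))


def collect_urls(html):
    parser = UrlCollector()
    parser.feed(html)
    parser.close()
    return parser.urls


def resource_key(url):
    """Identify a resource independent of scheme and port (host, path, query)."""
    parts = urlsplit(url)
    return (parts.hostname or "", parts.path or "/", parts.query)


def find_downgrades(trusted_html, observed_html):
    """Return URLs served as https in the trusted copy but as http in the observed one."""
    secure = {resource_key(u) for _, _, u in collect_urls(trusted_html)
              if urlsplit(u).scheme == "https"}
    return [(tag, attr, u) for tag, attr, u in collect_urls(observed_html)
            if urlsplit(u).scheme == "http" and resource_key(u) in secure]


# Constructed sample pages (bank.example and cdn.example are placeholders).
TRUSTED = ('<a href="https://bank.example/login">Log in</a>'
           '<form action="https://BANK.example/auth" method="post"></form>'
           '<img src="http://cdn.example/logo.png">')
OBSERVED = ('<a href="http://bank.example/login">Log in</a>'
            '<form action="http://bank.example:80/auth" method="post"></form>'
            '<img src="http://cdn.example/logo.png">')

if __name__ == "__main__":
    for finding in find_downgrades(TRUSTED, OBSERVED):
        print("downgraded:", finding)
```

A login link or form target that changes from https to http between the two copies is the sign to look for; resources that were already plain HTTP in the trusted copy are not reported.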

Cisco has discovered that VPNFilter can also automatically display fake pages on the victim's computer. With the user's bank password in hand, for example, hackers can withdraw amounts from the account while the browser shows the balance intact to avoid suspicion. At the end of the attack, the malware is able to self-destruct to eliminate traces of the attack.

How to protect yourself

VPNFilter has claimed victims mainly in Ukraine, but the actual extent of the attack is still unknown. In conversation with TechTudo, Luis Corrons, an Avast security evangelist, recommended caution even if your router does not appear on the list of affected models. "VPNFilter can spread to multiple routers, no matter where they are in the world, including Brazil." Here's what you can do to stay safe:

Step 1. Routers usually have a small button on the back to reset the device. The measure allows you to remove the key features of VPNFilter, preventing malware from intercepting your internet traffic.

Hold the button down for several seconds until all lights blink. The device will return to the initial settings, so you will need to set it up again to re-establish the connection. The default network password is usually printed on a label on the back of the machine.

Press the reset button for several seconds to apply factory defaults

Step 2. Next, it is important to search for system updates for the router. Many of the vulnerabilities exploited by VPNFilter may have already been fixed by the vendors, but the fixes have not been installed on the product. The update procedure varies from brand to brand. For example, on D-Link and TP-Link routers, you need to download the update package before installing it on the device.

Step 3. After the update, it is essential to change the access password to the router, since the default login is very simple to guess in most cases. Experts also recommend disabling the "Remote Administration" function if it was previously activated by the user - the feature is off at the factory.

Via Talos, FBI, BGR and Prosecutor's Office
