Virus Attacking Routers Much Worse Than First Thought
There is a new computer virus that is not targeting your computer but rather the router that sits innocently in the corner of your house. The virus is called VPNFilter and was first disclosed by Cisco a couple of weeks ago. It has already infected over 500K networking devices and has prompted the FBI to issue an urgent public service warning to reset your router. Because all your traffic flows through your router, this virus has enormous access to collect your personal information and spy on your activities.
The very latest research from Cisco Talos and other security researchers are now reporting that the list of affected devices is much larger than first reported. In addition to Linksys, Netgear, TP-Link, and MikroTik, the new list also includes ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE (Gryphon with ESET technology is not affected and has active measures to prevent this type of virus). They have also discovered that the virus is capable of much more damage. In addition to collecting all the data that passes through your router, the virus can also infect connected devices served by the router by injecting malicious code when the device is browsing the web. Further research into this virus is ongoing and may uncover more details.
What can you do if you have one of the routers listed above?
- At the minimum, reset your router. This will kill stage 2 and 3 of the virus which is the malicious portion.
- However, stage 1 of the virus can still download the other stages at a later time. To kill stage 1 of the virus, you will need to do a full factory reset of your router. Consult your router manufacturer on how to do that.
- Once you’ve done the first 2 steps, update the software on your router. This virus uses known old vulnerabilities to spread that some manufacturers already has patches for.
- Change your router admin password to something stronger.
- Since this virus collects traffic data, also take the time to update your passwords for sensitive online services such as your online banking.
- For more advanced users, turn off port forwarding. Forwarding ports essentially puts your network device on the Internet for hackers to hack. Note: this virus was first discovered on a port forwarded NAS (network attached storage) device.
- If your router is old and you are shopping for a new router, make sure you get one that prioritizes security.
About the Author
John Wu (Twitter: @johnwu71) is one of the inventors of the MiFi intelligent mobile hotspot and CEO/ co-founder of Gryphon Online Safety, a company dedicated to protecting the connected family with Gryphon, the world’s first mesh WiFi router that uses machine learning to block malware from entering your network and protect kids from inappropriate content online. Learn more about Gryphon at www.gryphonconnect.com
IT Network / System engineer
6 年So essentially it will attach itself accross a nat route. This scenario screams that the virus was allowed into their network but who knows. You would know if you had the virus as your speed would be rubbish. For this virus to read every packet would be a very time consuming task. They keep trying =)
Data Centre | IT Infrastructure | Colocation Service Provider | Global Switch | CloudEdge | Investor | Entrepreneur
6 年A gold mine of tips John, useful cybersecurity insights.